CVE-2012-3375

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.2.24

Description The epoll ctl system call in fs/eventpoll.c does not properly handle ELOOP errors in EPOLL CTL ADD operations, allowing local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. This issue exists due to an incorrect fix for a previous problem.

Recommendations For Linux kernel versions prior to 3.2.24, update to version 3.2.24 or later to resolve the issue. As a temporary workaround, consider restricting the use of the epoll ctl system call to minimize the risk of exploitation. Avoid using crafted applications that attempt to create circular epoll dependencies until the issue is resolved.