CVE-2012-3375

CVSS v2.0

4.9

Medium

Vector

AV:L/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.2.24

Description The epoll ctl system call in fs/eventpoll.c does not properly handle ELOOP errors in EPOLL CTL ADD operations, allowing local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. This issue exists due to an incorrect fix for a previous problem.

Recommendations For Linux kernel versions prior to 3.2.24, update to version 3.2.24 or later to resolve the issue. As a temporary workaround, consider restricting the use of the epoll ctl system call to minimize the risk of exploitation. Avoid using crafted applications that attempt to create circular epoll dependencies until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-17

Related Identifiers

BDU:2016-02217

CVE-2012-3375

RHSA-2012:1061

RHSA-2012:1150

RHSA-2012_1061

SUSE-SU-2012_1016-1

SUSE-SU-2015:0481-1

SUSE-SU-2015:0652-1

USN-1514-1

USN-1529-1

USN-1532-1

USN-1533-1

USN-1539-1

Affected Products

Linux Kernel

Red Hat

Suse

CVE-2012-3375

Weakness Enumeration

Related Identifiers

Affected Products

References · 27