CVE-2012-3375
CVE-2012-3375
The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/19605unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=13d518074a952d33d47c428419693f63389547e9https://bugzilla.redhat.com/show_bug.cgi?id=837502https://downloads.avaya.com/css/P8/documents/100165733http://secunia.com/advisories/51164https://github.com/torvalds/linux/commit/13d518074a952d33d47c428419693f63389547e9http://ubuntu.com/usn/usn-1529-1http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.24http://www.openwall.com/lists/oss-security/2012/07/04/2http://www.securitytracker.com/id?1027237