Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2011-1083 — Uncontrolled Resource Consumption in Kernel

CWE-400 — Uncontrolled Resource Consumption16 documents9 sources

Severity

4.9MEDIUMNVD

EPSS

0.1%

top 64.83%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Linux Kernel Redhat Enterprise Linux Desktop Redhat Enterprise Linux Server +3 more

Timeline

PublishedApr 4

Latest updateNov 21

Description

The epoll implementation in the Linux kernel 2.6.37.2 and earlier does not properly traverse a tree of epoll file descriptors, which allows local users to cause a denial of service (CPU consumption) via a crafted application that makes epoll_create and epoll_ctl system calls.

CVSS vector

AV:L/AC:L/C:N/I:N/A:CExploitability: 3.9 | Impact: 6.9

Affected Packages7 packages

▶Debianlinux/linux_kernel< 3.2.23-1+3

▶NVDlinux/linux_kernel3.2.23+67

▶NVDsuse/linux_enterprise_server11

▶NVDsuse/linux_enterprise_desktop11

▶NVDredhat/enterprise_linux_server6.0

Patches

Patch: openwall.com ↗Patch: openwall.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-6f4r-j475-m5hg: The epoll_ctl system call in fs/eventpoll↗2022-05-17

▶

GHSA

GHSA-vx34-r39m-w274: The epoll implementation in the Linux kernel 2↗2022-05-13

▶

OSV

CVE-2012-3375: The epoll_ctl system call in fs/eventpoll↗2012-10-03

▶

CVEList

CVE-2012-3375: The epoll_ctl system call in fs/eventpoll↗2012-10-03

▶

CVEList

CVE-2011-1083: The epoll implementation in the Linux kernel 2↗2011-04-03

▶

💥Exploits & PoCs

Exploit-DB

Linux Kernel 2.6.x - epoll Nested Structures Local Denial of Service↗2011-03-02

▶

📋Vendor Advisories

Red Hat

kernel: epoll: can leak file descriptors when returning -ELOOP↗2012-03-27

▶

Debian

CVE-2012-3375: linux - The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 do...↗2012

▶

Red Hat

kernel: excessive in kernel CPU consumption when creating large nested epoll structures↗2011-02-25

▶

📄Research Papers

arXiv

Characteristics, Root Causes, and Detection of Incomplete Security Bug Fixes in the Linux Kernel↗2025-11-21

▶

arXiv

Timeloops: Automatic System Call Policy Learning for Containerized Microservices↗2022-09-26

▶

💬Community

Bugzilla

CVE-2012-3375 kernel: epoll: can leak file descriptors when returning -ELOOP↗2012-07-04

▶

Bugzilla

CVE-2011-1083 kernel: excessive in kernel CPU consumption when creating large nested epoll structures [fedora-all]↗2011-10-25

▶

Bugzilla

CVE-2011-1083 kernel: excessive in kernel CPU consumption when creating large nested epoll structures↗2011-03-02

▶