CVE-2012-3375
Published: 2012-10-03
Priority P420 medium 4.9 CVSS 2.0
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
EXPLOIT
EPSS: 1.02% (59.1th percentile)
The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083.
Affected
72 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | < linux 3.2.23-1 (bookworm) | linux 3.2.23-1 (bookworm) |
| linux | linux_kernel | <= 3.2.23 | — |
| linux | linux_kernel | — | — |
CVSS provenance
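| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 4.9 | MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C |
| osv | — | 4.9 | MEDIUM | — |
| vendor_ubuntu | — | 7.2 | HIGH | — |
| vendor_debian | — | 4.9 | MEDIUM | — |
| vendor_redhat | — | 4.9 | MEDIUM | — |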
GHSA
GHSA-6f4r-j475-m5hg: The epoll_ctl system call in fs/eventpoll
ghsa_unreviewed·2022-05-17·CVSS 4.9
OSV
CVE-2012-3375: The epoll_ctl system call in fs/eventpoll
osv·2012-10-03·CVSS 4.9
Ubuntu
Linux kernel (Oneiric backport) vulnerabilities
vendor_ubuntu·2012-08-14·CVSS 7.2
CVE-2012-2136 [HIGH] Linux kernel (Oneiric backport) vulnerabilities
Title: Linux kernel (Oneiric backport) vulnerabilities
Summary: Several security issues were fixed in the kernel.
An error was discovered in the Linux kernel's network TUN/TAP device
implementation. A local user with access to the TUN/TAP interface (which is
not available to unprivileged users until granted by a root user) could
exploit this flaw to crash the system or potentially gain administrative
privileges. (CVE-2012-2136)
Ulrich Obergfell discovered an error in the Linux kernel's memory
management subsystem on 32 bit PAE systems with more than 4GB of memory
installed. A local unprivileged user could exploit this flaw to crash the
system. (CVE-2012-2373)
An error was discovered in the Linux kernel's memory subsystem (hugetlb).
An unprivileged local user could exploit this flaw to ca
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2012-08-10·CVSS 5.2
CVE-2012-2119 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the kernel.
A flaw was discovered in the Linux kernel's macvtap device driver, which is
used in KVM (Kernel-based Virtual Machine) to create a network bridge
between host and guest. A privileged user in a guest could exploit this flaw
to crash the host, if the vhost_net module is loaded with the
experimental_zcopytx option enabled. (CVE-2012-2119)
An error was discovered in the Linux kernel's network TUN/TAP device
implementation. A local user with access to the TUN/TAP interface (which is
not available to unprivileged users until granted by a root user) could
exploit this flaw to crash the system or potentially gain administrative
privileges. (CVE-2012-2136)
A flaw was found in how the Linux kernel's KVM (
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2012-08-10·CVSS 7.2
CVE-2012-2136 [HIGH] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Several security issues were fixed in the kernel.
An error was discovered in the Linux kernel's network TUN/TAP device
implementation. A local user with access to the TUN/TAP interface (which is
not available to unprivileged users until granted by a root user) could
exploit this flaw to crash the system or potentially gain administrative
privileges. (CVE-2012-2136)
Ulrich Obergfell discovered an error in the Linux kernel's memory
management subsystem on 32 bit PAE systems with more than 4GB of memory
installed. A local unprivileged user could exploit this flaw to crash the
system. (CVE-2012-2373)
An error was discovered in the Linux kernel's memory subsystem (hugetlb).
An unprivileged local user could exploit this flaw to cause a denial of
ser
Ubuntu
Linux kernel (OMAP4) vulnerabilities
vendor_ubuntu·2012-08-10·CVSS 5.2
CVE-2012-2119 [MEDIUM] Linux kernel (OMAP4) vulnerabilities
Title: Linux kernel (OMAP4) vulnerabilities
Summary: Several security issues were fixed in the kernel.
A flaw was discovered in the Linux kernel's macvtap device driver, which is
used in KVM (Kernel-based Virtual Machine) to create a network bridge
between host and guest. A privileged user in a guest could exploit this flaw
to crash the host, if the vhost_net module is loaded with the
experimental_zcopytx option enabled. (CVE-2012-2119)
An error was discovered in the Linux kernel's network TUN/TAP device
implementation. A local user with access to the TUN/TAP interface (which is
not available to unprivileged users until granted by a root user) could
exploit this flaw to crash the system or potentially gain administrative
privileges. (CVE-2012-2136)
A flaw was found in how the Linux kernel
Ubuntu
Linux kernel (OMAP4) vulnerabilities
vendor_ubuntu·2012-08-10·CVSS 7.2
CVE-2012-2136 [HIGH] Linux kernel (OMAP4) vulnerabilities
Title: Linux kernel (OMAP4) vulnerabilities
Summary: Several security issues were fixed in the kernel.
An error was discovered in the Linux kernel's network TUN/TAP device
implementation. A local user with access to the TUN/TAP interface (which is
not available to unprivileged users until granted by a root user) could
exploit this flaw to crash the system or potentially gain administrative
privileges. (CVE-2012-2136)
Ulrich Obergfell discovered an error in the Linux kernel's memory
management subsystem on 32 bit PAE systems with more than 4GB of memory
installed. A local unprivileged user could exploit this flaw to crash the
system. (CVE-2012-2373)
A flaw was discovered in the Linux kernel's epoll system call. An
unprivileged local user could use this flaw to crash the system.
(CVE-2012-
Red Hat
kernel: epoll: can leak file descriptors when returning -ELOOP
vendor_redhat·2012-03-27·CVSS 4.9
Statement: This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6, since updates fixing CVE-2011-1083 contained a corrected patch that did not introduce this regression.
This has been addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2012-1061.html, and R
Debian
CVE-2012-3375: linux - The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 do...
vendor_debian·2012·CVSS 4.9
Scope: local
bookworm: resolved (fixed in 3.2.23-1)
bullseye: resolved (fixed in 3.2.23-1)
forky: resolved (fixed in 3.2.23-1)
sid: resolved (fixed in 3.2.23-1)
trixie: resolved (fixed in 3.2.23-1)
No detection rules found.
Bugzilla
CVE-2012-3375 kernel: epoll: can leak file descriptors when returning -ELOOP
bugzilla·2012-07-04·CVSS 4.9
An epoll_ctl(,EPOLL_CTL_ADD,,) operation can return '-ELOOP' to prevent circular epoll dependencies from being created. However, in that case we do not properly clear the 'tfile_check_list'.
An unprivileged local user could use this flaw to crash the system.
This is a regression introduced via the CVE-2011-1083 (bug #681578) fix (commit 28d82dc1c4edbc352129f97f4ca22624d1fe61de):
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=28d82dc1c4edbc352129f97f4ca22624d1fe61de
Upstream fix:
13d518074a952d33d47c428419693f63389547e9
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=13d518074a952d33d47c428419693f63389547e9
References:
https://lkml.org/lkml/2012/
arXiv
BEACON: Automatic Container Policy Generation using Environment-aware Dynamic Analysis
arxiv_fulltext·2025-11-29
Authors: Haney Kang (ORCID 0000-0003-0866-0938), Eduard Marin (ORCID 0000-0002-5002-0187), Myoungsung You (ORCID 0000-0001-5822-5243), Diego Perino, Seungwon Shin (ORCID 0000-0002-1077-5606), Jinwoo Kim (ORCID 0000-0003-1303-8668)
This is the accepted manuscript of an article accepted for publication in Computers & Security.
Affiliation 1: School of Electrical Engineering, KAIST
arXiv
Characteristics, Root Causes, and Detection of Incomplete Security Bug Fixes in the Linux Kernel
arxiv_fulltext·2025-11-21
Qiang Liu^1, Wenlong Zhang^1, Muhui Jiang^2,1, Lei Wu^1, Yajin Zhou^1
^1 Zhejiang University, ^2 The Hong Kong Polytechnic University
Note: All work was done by Aug., 2022.
## Abstract
Security bugs in the Linux kernel emerge endlessly and have attracted much
attention.
However, fixing security bugs in the Linux kernel could be incomplete due to
human mistakes.
Specifically, an incomplete fix fails to repair all the original security
defects in the software, fails to properly repair the original security defects,
or introduces new ones.
In this paper, we study the fixes of incomplete security bugs in the Linux
kernel for the first time, and reveal their characteristics, root causes as well
as de
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=13d518074a952d33d47c428419693f63389547e9
http://secunia.com/advisories/51164
http://ubuntu.com/usn/usn-1529-1
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.2.24
http://www.openwall.com/lists/oss-security/2012/07/04/2
http://www.securitytracker.com/id?1027237
https://bugzilla.redhat.com/show_bug.cgi?id=837502
https://downloads.avaya.com/css/P8/documents/100165733
https://github.com/torvalds/linux/commit/13d518074a952d33d47c428419693f63389547e9