cbcvebase.
CVE-2012-3375
published 2012-10-03

CVE-2012-3375: The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows…

PriorityP420medium4.9CVSS 2.0
AVLACLAuNCNINAC
EXPLOIT
EPSS
1.02%
59.1th percentile
The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083.

Affected

72 ranges· showing 25
VendorProductVersion rangeFixed in
debianlinux< linux 3.2.23-1 (bookworm)linux 3.2.23-1 (bookworm)
linuxlinux_kernel<= 3.2.23
linuxlinux_kernel
linuxlinux_kernel
linuxlinux_kernel
linuxlinux_kernel
linuxlinux_kernel
linuxlinux_kernel
linuxlinux_kernel
linuxlinux_kernel
linuxlinux_kernel
linuxlinux_kernel
linuxlinux_kernel
linuxlinux_kernel
linuxlinux_kernel
linuxlinux_kernel
linuxlinux_kernel
linuxlinux_kernel
linuxlinux_kernel
linuxlinux_kernel
linuxlinux_kernel
linuxlinux_kernel
linuxlinux_kernel
linuxlinux_kernel
linuxlinux_kernel

CVSS provenance

nvdv2.04.9MEDIUMAV:L/AC:L/Au:N/C:N/I:N/A:C
osv4.9MEDIUM
vendor_ubuntu7.2HIGH
vendor_debian4.9MEDIUM
vendor_redhat4.9MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.