CVE-2012-3375

medium

Published 2012-10-03 · Modified 2026-04-29

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

5.9

Description

The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-19605 dos linux verified

Yurij M. Plotnikov · 2012-07-05

Linux Kernel 3.2.24 - 'fs/eventpoll.c' Local Denial of Service

Source code queued for fetch — refresh in a moment.

OS impact

OS	Version	Status	Fixed in
linux-kernel		affected
linux-kernel	3.0.1	affected
linux-kernel	3.0.2	affected
linux-kernel	3.0.3	affected
linux-kernel	3.0.4	affected
linux-kernel	3.0.5	affected
linux-kernel	3.0.6	affected
debian	bookworm	fixed	`3.2.23-1`
debian	bullseye	fixed	`3.2.23-1`
debian	forky	fixed	`3.2.23-1`
debian	sid	fixed	`3.2.23-1`
debian	trixie	fixed	`3.2.23-1`
linux-kernel	3.0.7	affected
linux-kernel	3.0.8	affected
linux-kernel	3.0.9	affected
linux-kernel	3.0.10	affected
linux-kernel	3.0.11	affected
linux-kernel	3.0.12	affected
linux-kernel	3.0.13	affected
linux-kernel	3.0.14	affected
linux-kernel	3.0.15	affected
linux-kernel	3.0.16	affected
linux-kernel	3.0.17	affected
linux-kernel	3.0.18	affected
linux-kernel	3.0.19	affected
linux-kernel	3.0.20	affected
linux-kernel	3.0.21	affected
linux-kernel	3.0.22	affected
linux-kernel	3.0.23	affected
linux-kernel	3.0.24	affected
linux-kernel	3.0.25	affected
linux-kernel	3.0.26	affected
linux-kernel	3.0.27	affected
linux-kernel	3.0.28	affected
linux-kernel	3.0.29	affected
linux-kernel	3.0.30	affected
linux-kernel	3.0.31	affected
linux-kernel	3.0.32	affected
linux-kernel	3.0.33	affected
linux-kernel	3.0.34	affected
linux-kernel	3.1.1	affected
linux-kernel	3.1.2	affected
linux-kernel	3.1.3	affected
linux-kernel	3.1.4	affected
linux-kernel	3.1.5	affected
linux-kernel	3.1.6	affected
linux-kernel	3.1.7	affected
linux-kernel	3.1.8	affected
linux-kernel	3.1.9	affected
linux-kernel	3.1.10	affected
linux-kernel	3.2.1	affected
linux-kernel	3.2.2	affected
linux-kernel	3.2.3	affected
linux-kernel	3.2.4	affected
linux-kernel	3.2.5	affected
linux-kernel	3.2.6	affected
linux-kernel	3.2.7	affected
linux-kernel	3.2.8	affected
linux-kernel	3.2.9	affected
linux-kernel	3.2.10	affected
linux-kernel	3.2.11	affected
linux-kernel	3.2.12	affected
linux-kernel	3.2.13	affected
linux-kernel	3.2.14	affected
linux-kernel	3.2.15	affected
linux-kernel	3.2.16	affected
linux-kernel	3.2.17	affected
linux-kernel	3.2.18	affected
linux-kernel	3.2.19	affected
linux-kernel	3.2.20	affected
linux-kernel	3.2.21	affected
linux-kernel	3.2.22	affected

References

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.