CVE-2012-3375

Linux Kernel < 3.2.24 - Denial of Service via EPOLL_CTL_ADD Circular Dependency

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2012-3375. PoCs published by Yurij M. Plotnikov.

AI-analyzed exploit summary This exploit triggers a local denial-of-service (DoS) in the Linux kernel by creating circular dependencies between epoll file descriptors, leading to a kernel crash. The PoC repeatedly creates epoll instances, sockets, and binds them in a way that causes a kernel panic.

Description

The epoll_ctl system call in fs/eventpoll.c in the Linux kernel before 3.2.24 does not properly handle ELOOP errors in EPOLL_CTL_ADD operations, which allows local users to cause a denial of service (file-descriptor consumption and system crash) via a crafted application that attempts to create a circular epoll dependency. NOTE: this vulnerability exists because of an incorrect fix for CVE-2011-1083.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Yurij M. Plotnikov · cdoslinux

https://www.exploit-db.com/exploits/19605

View Code ZIP pw:eip

This exploit triggers a local denial-of-service (DoS) in the Linux kernel by creating circular dependencies between epoll file descriptors, leading to a kernel crash. The PoC repeatedly creates epoll instances, sockets, and binds them in a way that causes a kernel panic.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Linux Kernel (versions affected by CVE-2012-3375)

No auth needed

Prerequisites: Local access to the target system

MITRE ATT&CK