Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A data-race vulnerability has been identified in the Linux kernel's epoll implementation in versions prior to 5.17.0. It arises because the function 'ep_events_available()' is called without holding a lock, so concurrent tasks can interfere with each other. The issue was reported by the Kernel Concurrency Sanitizer (KCSAN), which showed that one task can read from a list while another task is writing to it, potentially leading to inconsistent data being processed.
Exploitation of this vulnerability can cause a denial-of-service condition by disrupting the normal operation of the epoll event polling mechanism, which can lead to increased resource usage or application unresponsiveness.