Linux Kernel Eventpoll Component Semi-Unbounded Recursion Vulnerability

A vulnerability in the Linux kernel's eventpoll component allows for semi-unbounded recursion, potentially leading to excessive stack usage. This issue arises because the current recursion depth checks do not adequately limit the depth of the call tree, allowing it to reach depths of at least 500. The vulnerability is present in Linux kernel versions through 6.15.

Impact

Exploitation of this vulnerability can cause a denial-of-service condition by allowing the call stack to grow excessively, which can lead to stack overflow.

Reproduction

The vulnerability can be reproduced by creating an epoll instance that forms a chain deeper than the allowed maximum nests. This can be done by adding epoll files in a way that bypasses the existing depth checks, effectively creating a loop that the system does not recognize until it is too late.

Remediation

Users can upgrade to the latest version of the Linux kernel where this vulnerability has been fixed.