eventfd double close
Description
libcurl in curl 8.11.1 on 64-bit systems with threaded resolver and eventfd double-closes the same file descriptor, causing unreliable behavior.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
In curl versions 8.11.1 built with the threaded resolver and eventfd support (64-bit architectures only), libcurl incorrectly closes the same eventfd file descriptor twice when tearing down a connection channel after a threaded name resolution completes. The double-close results from an #ifdef mistake that left a superfluous close() call originally written for socketpair-based inter-thread messaging. This vulnerability is assigned CWE-1341 (Multiple Releases of Same Resource or Handle) and affects only curl 8.11.1; versions before 8.11.1 and from 8.12.0 onward are not affected [1].
Exploitation
An attacker would need no special privileges but must rely on the race window where the second close() occurs within a few dozen instructions after the first. Because the window is extremely narrow, controlled exploitation to cause a specific file descriptor to be closed in place of the eventfd is considered unlikely. The vulnerability is reachable automatically whenever libcurl performs a threaded name resolution, without user interaction beyond making a curl request that triggers a DNS lookup [1].
Impact
Successful double-close leads to unreliable behavior in libcurl, potentially causing the library to close an unrelated file descriptor that may have been opened between the two close() calls. This could result in interference with the application's file descriptor table, but the limited race window makes arbitrary code execution or information disclosure improbable. The curl command-line tool is also affected when built similarly [1].
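The failure mode described in the Vulnerability and Impact sections, as an added example that is not libcurl's code: a simplified model in which a two-slot wakeup channel holds the same eventfd in both slots, and an open() of /dev/null stands in for another thread running between the two close() calls. The struct and function names are hypothetical, and Linux is assumed for eventfd.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/eventfd.h>
#include <unistd.h>

/* Hypothetical two-slot wakeup channel, not libcurl's own structure. A
 * socketpair fills the slots with two descriptors; in this model an eventfd
 * (Linux) fills both slots with the same descriptor. */
struct wakeup { int rd, wr; };

/* Socketpair-style teardown applied to an eventfd: one close() per slot.
 * The open() stands in for another thread inside the race window; it gets
 * the lowest free number, i.e. the one just closed. */
static int teardown_double_close(struct wakeup *w)
{
    close(w->rd);
    int victim = open("/dev/null", O_RDONLY);
    close(w->wr);               /* same number: closes the victim instead */
    return victim;
}

/* Hardened teardown: close each distinct descriptor once, then poison. */
static int teardown_once(struct wakeup *w)
{
    if (w->wr != w->rd)
        close(w->wr);
    close(w->rd);
    w->rd = w->wr = -1;
    return open("/dev/null", O_RDONLY); /* same interleaving, no second close */
}

/* Returns 1 if the unrelated descriptor is still open after teardown. */
static int victim_survives(int (*teardown)(struct wakeup *))
{
    struct wakeup w;
    w.rd = w.wr = eventfd(0, EFD_CLOEXEC);
    if (w.rd < 0)
        return -1;
    int victim = teardown(&w);
    int alive = fcntl(victim, F_GETFD) != -1;
    if (alive) close(victim);
    return alive;
}

int main(void)
{
    printf("double close: victim open = %d\n", victim_survives(teardown_double_close));
    printf("close once:   victim open = %d\n", victim_survives(teardown_once));
    return 0;
}
```

In a real multi-threaded process the interleaving is not deterministic as it is here, which is why the symptom shows up as intermittent EBADF errors or I/O on the wrong descriptor.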
Mitigation
Upgrade to curl version 8.12.0, released on February 5, 2025, which contains the fix [1]. Users of curl 8.11.1 who cannot upgrade immediately may apply the patch from commit ff5091aa9f55 or avoid building with eventfd on 64-bit systems. No workaround exists for the vulnerable version other than upgrading or rebuilding without eventfd. This vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog as of publication [1].
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (21)
osv-coords, 19 versions:
- pkg:apk/chainguard/curl (no CPE), range: < 8.12.0-r0
- pkg:apk/chainguard/curl-dev (no CPE), range: < 8.12.0-r0
- pkg:apk/chainguard/curl-doc (no CPE), range: < 8.12.0-r0
- pkg:apk/chainguard/curl-oci-entrypoint (no CPE), range: < 8.12.0-r0
- pkg:apk/chainguard/curl-static (no CPE), range: < 8.12.0-r0
- pkg:apk/chainguard/libcurl4 (no CPE), range: < 8.12.0-r0
- pkg:apk/chainguard/libcurl-openssl4 (no CPE), range: < 8.12.0-r0
- pkg:apk/wolfi/curl (no CPE), range: < 8.12.0-r0
- pkg:apk/wolfi/curl-dev (no CPE), range: < 8.12.0-r0
- pkg:apk/wolfi/curl-doc (no CPE), range: < 8.12.0-r0
- pkg:apk/wolfi/curl-oci-entrypoint (no CPE), range: < 8.12.0-r0
- pkg:apk/wolfi/curl-static (no CPE), range: < 8.12.0-r0
- pkg:apk/wolfi/libcurl4 (no CPE), range: < 8.12.0-r0
- pkg:apk/wolfi/libcurl-openssl4 (no CPE), range: < 8.12.0-r0
- pkg:rpm/opensuse/curl&distro=openSUSE%20Leap%2015.6 (no CPE), range: < 8.14.1-150600.4.28.1
- pkg:rpm/opensuse/curl&distro=openSUSE%20Tumbleweed (no CPE), range: < 8.12.1-1.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6 (no CPE), range: < 8.14.1-150600.4.28.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7 (no CPE), range: < 8.14.1-150600.4.28.1
- pkg:rpm/suse/curl&distro=SUSE%20Linux%20Micro%206.1 (no CPE), range: < 8.12.1-slfo.1.1_1.1
Patches
No patches discovered yet.
References (3)
News mentions
No linked articles in our index yet.