Race Condition Vulnerability in Red Hat Enterprise Linux Kernel
CVE-2008-2365

Currently unrated

Key Information:

Vendor: Linux
Status: Linux Kernel; Enterprise Linux Desktop; Enterprise Linux
Vendor: CVE Published:; 30 June 2008

Summary

A vulnerability exists within the Linux kernel versions 2.6.9 to 2.6.25 in Red Hat Enterprise Linux (RHEL) 4, stemming from a race condition in ptrace and utrace support. Local users can exploit this vulnerability by executing a long sequence of PTRACE_ATTACH ptrace calls on another user's process, leading to a denial of service condition. This occurs due to a conflict in handling process attachment and detachment, specifically around the checks for process states, which can cause system instability. This issue does not affect the kernel versions post-2.6.16.x.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/43567

vdb-entryx_refsource_XF

http://git.kernel.org/?p=linux/kernel/git/stable/linux-2....

x_refsource_CONFIRM

http://www.securitytracker.com/id?1020362

vdb-entryx_refsource_SECTRACK

Timeline

Vulnerability published
Jun 30, 2008
Vulnerability Reserved
May 21, 2008