Race condition

2008-06-3021:41:00

PRIOn knowledge base

www.prio-n.com

5.8 Medium

AI Score

Confidence

Low

4.7 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

0.0004 Low

EPSS

Percentile

0.4%

JSON

Race condition in the ptrace and utrace support in the Linux kernel 2.6.9 through 2.6.25, as used in Red Hat Enterprise Linux (RHEL) 4, allows local users to cause a denial of service (oops) via a long series of PTRACE_ATTACH ptrace calls to another user’s process that trigger a conflict between utrace_detach and report_quiescent, related to “late ptrace_may_attach() check” and “race around &dead_engine_ops setting,” a different vulnerability than CVE-2007-0771 and CVE-2008-1514. NOTE: this issue might only affect kernel versions before 2.6.16.x.

CPENameOperatorVersion
linux_kerneleq2.6.11 rc3
linux_kerneleq2.6.20.9
linux_kerneleq2.6.11
linux_kerneleq2.6.23.4
linux_kerneleq2.6.22.15
linux_kerneleq2.6.17.12
linux_kerneleq2.6.21
linux_kerneleq2.6.16.9
linux_kerneleq2.6.12 rc1
linux_kerneleq2.6.12 rc4

Name	Operator	Version
linux_kernel	eq	2.6.11 rc3
linux_kernel	eq	2.6.20.9
linux_kernel	eq	2.6.11
linux_kernel	eq	2.6.23.4
linux_kernel	eq	2.6.22.15
linux_kernel	eq	2.6.17.12
linux_kernel	eq	2.6.21
linux_kernel	eq	2.6.16.9
linux_kernel	eq	2.6.12 rc1
linux_kernel	eq	2.6.12 rc4