#VU92713 Concurrent execution using shared resource with improper synchronization ('race condition') in Linux kernel - CVE-2008-2365

Cybersecurity Help s.r.o.

Published: 2008-07-01 | Updated: 2024-06-20

Vulnerability identifier: #VU92713

Vulnerability risk: Low

CVSSv4.0: 5.4 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:P/U:Clear]

CVE-ID: CVE-2008-2365

CWE-ID: CWE-362

Exploitation vector: Local

Exploit availability: Yes

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to concurrent execution using shared resource with improper synchronization ('race condition') error. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's repository.

Vulnerable software versions

Linux kernel: All versions

External links
https://marc.info/?l=linux-kernel&m=117863520707703&w=2
https://www.openwall.com/lists/oss-security/2008/06/26/1
https://sources.redhat.com/cgi-bin/cvsweb.cgi/~checkout~/tests/ptrace-tests/tests/late-ptrace-may-attach-check.c?cvsroot=systemtap
https://bugzilla.redhat.com/show_bug.cgi?id=449359
https://rhn.redhat.com/errata/RHSA-2008-0508.html
https://www.securityfocus.com/bid/29945
https://www.openwall.com/lists/oss-security/2008/07/14/1
https://secunia.com/advisories/31107
https://www.securitytracker.com/id?1020362
https://secunia.com/advisories/30850
https://www.ubuntu.com/usn/usn-625-1
https://securityreason.com/securityalert/3965
https://exchange.xforce.ibmcloud.com/vulnerabilities/43567
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10749
https://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commit%3Bh=5ecfbae093f0c37311e89b29bfc0c9d586eace87
https://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commit%3Bh=f358166a9405e4f1d8e50d8f415c26d95505b6de
https://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commit%3Bh=f5b40e363ad6041a96e3da32281d8faa191597b9

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Linux kernel