CVE-2008-1375

Description

Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors.

CVSS Metrics

• v2.0•MEDIUM•Score: 6.9AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 0.07%• Percentile: 21%

Techniques & Countermeasures

• CWE-362•Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

  The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Affected Systems

• canonical•ubuntu_linux

  6.06 | 7.04 | 7.10 | 8.04

• debian•debian_linux

  4.0

• fedoraproject•fedora

  8

• linux•linux_kernel

  ≥ 2.6.0, < 2.6.24.6 | 2.6.25

• opensuse•opensuse

  10.2 | 10.3

• suse•linux_enterprise_desktop

  10:sp1

• suse•linux_enterprise_server

  9 | 10:sp1

• suse•linux_enterprise_software_development_kit

  10:sp1

References (45)

• http://marc.info/?l=linux-kernel&m=120967963803205&w=2
• http://secunia.com/advisories/30962
• http://www.vupen.com/english/advisories/2008/1406/references
• http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0157
• http://www.securityfocus.com/bid/29003
• https://exchange.xforce.ibmcloud.com/vulnerabilities/42131
• http://www.redhat.com/support/errata/RHSA-2008-0237.html
• http://www.securitytracker.com/id?1019959
• http://www.vupen.com/english/advisories/2008/1452/references
• http://www.mandriva.com/security/advisories?name=MDVSA-2008:167
• http://www.ubuntu.com/usn/usn-618-1
• http://www.debian.org/security/2008/dsa-1565
• http://secunia.com/advisories/30116
• http://www.redhat.com/support/errata/RHSA-2008-0233.html
• http://secunia.com/advisories/30110
• http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00000.html
• https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00232.html
• http://www.vupen.com/english/advisories/2008/2222/references
• http://www.securityfocus.com/archive/1/491732/100/0/threaded
• http://marc.info/?l=linux-kernel&m=120967964303224&w=2
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11843
• http://secunia.com/advisories/30515
• http://www.securityfocus.com/archive/1/491566/100/0/threaded
• http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.6
• https://usn.ubuntu.com/614-1/
• http://www.mandriva.com/security/advisories?name=MDVSA-2008:105
• http://secunia.com/advisories/30108
• http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.4
• http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.1
• http://secunia.com/advisories/30044
• http://www.redhat.com/support/errata/RHSA-2008-0211.html
• http://secunia.com/advisories/30017
• http://secunia.com/advisories/30890
• https://issues.rpath.com/browse/RPL-2501
• http://secunia.com/advisories/30769
• http://lists.vmware.com/pipermail/security-announce/2008/000023.html
• http://secunia.com/advisories/30018
• http://www.mandriva.com/security/advisories?name=MDVSA-2008:104
• http://secunia.com/advisories/30260
• http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html
• http://secunia.com/advisories/31246
• http://secunia.com/advisories/30818
• http://wiki.rpath.com/Advisories:rPSA-2008-0157
• http://secunia.com/advisories/30112
• http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html