// For flags

CVE-2008-1375

kernel: race condition in dnotify (local DoS, local roothole possible)

Severity Score

7.0
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Race condition in the directory notification subsystem (dnotify) in Linux kernel 2.6.x before 2.6.24.6, and 2.6.25 before 2.6.25.1, allows local users to cause a denial of service (OOPS) and possibly gain privileges via unspecified vectors.

Una condiciĆ³n de carrera en el subsistema directory notification (dnotify) en el Kernel de Linux versiones 2.6.x anteriores a 2.6.24.6, y versiones 2.6.25 anteriores a 2.6.25.1, permite a usuarios locales causar una denegaciĆ³n de servicio (OOPS) y posiblemente alcanzar privilegios por medio de vectores no especificados.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2008-03-18 CVE Reserved
  • 2008-05-02 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-12-17 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CAPEC
References (47)
URL Tag Source
http://lists.vmware.com/pipermail/security-announce/2008/000023.html Mailing List
http://secunia.com/advisories/30017 Third Party Advisory
http://secunia.com/advisories/30018 Third Party Advisory
http://secunia.com/advisories/30044 Third Party Advisory
http://secunia.com/advisories/30108 Third Party Advisory
http://secunia.com/advisories/30110 Third Party Advisory
http://secunia.com/advisories/30112 Third Party Advisory
http://secunia.com/advisories/30116 Third Party Advisory
http://secunia.com/advisories/30260 Third Party Advisory
http://secunia.com/advisories/30515 Third Party Advisory
http://secunia.com/advisories/30769 Third Party Advisory
http://secunia.com/advisories/30818 Third Party Advisory
http://secunia.com/advisories/30890 Third Party Advisory
http://secunia.com/advisories/30962 Third Party Advisory
http://secunia.com/advisories/31246 Third Party Advisory
http://wiki.rpath.com/Advisories:rPSA-2008-0157 Broken Link
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0157 Broken Link
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.4 Broken Link
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.24.6 Broken Link
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.1 Broken Link
http://www.securityfocus.com/archive/1/491566/100/0/threaded Mailing List
http://www.securityfocus.com/archive/1/491732/100/0/threaded Mailing List
http://www.securityfocus.com/bid/29003 Third Party Advisory
http://www.securitytracker.com/id?1019959 Third Party Advisory
http://www.vupen.com/english/advisories/2008/1406/references Third Party Advisory
http://www.vupen.com/english/advisories/2008/1452/references Third Party Advisory
http://www.vupen.com/english/advisories/2008/2222/references Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/42131 Third Party Advisory
https://issues.rpath.com/browse/RPL-2501 Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11843 Signature
URL Date SRC
URL Date SRC
http://marc.info/?l=linux-kernel&m=120967963803205&w=2 2020-08-26
http://marc.info/?l=linux-kernel&m=120967964303224&w=2 2020-08-26
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html 2020-08-26
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00000.html 2020-08-26
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html 2020-08-26
http://www.debian.org/security/2008/dsa-1565 2020-08-26
http://www.mandriva.com/security/advisories?name=MDVSA-2008:104 2020-08-26
http://www.mandriva.com/security/advisories?name=MDVSA-2008:105 2020-08-26
http://www.mandriva.com/security/advisories?name=MDVSA-2008:167 2020-08-26
http://www.redhat.com/support/errata/RHSA-2008-0211.html 2020-08-26
http://www.redhat.com/support/errata/RHSA-2008-0233.html 2020-08-26
http://www.redhat.com/support/errata/RHSA-2008-0237.html 2020-08-26
http://www.ubuntu.com/usn/usn-618-1 2020-08-26
https://usn.ubuntu.com/614-1 2020-08-26
https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00232.html 2020-08-26
https://access.redhat.com/security/cve/CVE-2008-1375 2008-05-07
https://bugzilla.redhat.com/show_bug.cgi?id=439754 2008-05-07
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 >= 2.6.0 < 2.6.24.6
Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.0 < 2.6.24.6"
-
Affected
Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
 2.6.25
Search vendor "Linux" for product "Linux Kernel" and version "2.6.25"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 6.06
Search vendor "Canonical" for product "Ubuntu Linux" and version "6.06"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 7.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "7.04"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 7.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "7.10"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 8.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "8.04"
lts
Affected
Opensuse
Search vendor "Opensuse"
 Opensuse
Search vendor "Opensuse" for product "Opensuse"
 10.2
Search vendor "Opensuse" for product "Opensuse" and version "10.2"
-
Affected
Opensuse
Search vendor "Opensuse"
 Opensuse
Search vendor "Opensuse" for product "Opensuse"
 10.3
Search vendor "Opensuse" for product "Opensuse" and version "10.3"
-
Affected
Suse
Search vendor "Suse"
 Linux Enterprise Desktop
Search vendor "Suse" for product "Linux Enterprise Desktop"
 10
Search vendor "Suse" for product "Linux Enterprise Desktop" and version "10"
sp1
Affected
Suse
Search vendor "Suse"
 Linux Enterprise Server
Search vendor "Suse" for product "Linux Enterprise Server"
 9
Search vendor "Suse" for product "Linux Enterprise Server" and version "9"
-
Affected
Suse
Search vendor "Suse"
 Linux Enterprise Server
Search vendor "Suse" for product "Linux Enterprise Server"
 10
Search vendor "Suse" for product "Linux Enterprise Server" and version "10"
sp1
Affected
Suse
Search vendor "Suse"
 Linux Enterprise Software Development Kit
Search vendor "Suse" for product "Linux Enterprise Software Development Kit"
 10
Search vendor "Suse" for product "Linux Enterprise Software Development Kit" and version "10"
sp1
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 4.0
Search vendor "Debian" for product "Debian Linux" and version "4.0"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
 Fedora
Search vendor "Fedoraproject" for product "Fedora"
 8
Search vendor "Fedoraproject" for product "Fedora" and version "8"
-
Affected