CVE-2004-1068Race Condition in Kernel

9 documents6 sources
Severity
6.2MEDIUMNVD
EPSS
0.1%
top 81.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Linux KernelRedhat Enterprise LinuxRedhat Enterprise Linux Desktop+2 more
Timeline
PublishedJan 10
Latest updateMay 3

Description

A "missing serialization" error in the unix_dgram_recvmsg function in Linux 2.4.27 and earlier, and 2.6.x up to 2.6.9, allows local users to gain privileges via a race condition.

CVSS vector

AV:L/AC:H/C:C/I:C/A:CExploitability: 1.9 | Impact: 10.0

Affected Packages3 packages

NVDlinux/linux_kernel29 versions+28

Also affects: Ubuntu Linux 4.1, Enterprise Linux 2.1, 3.0

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-8rhh-mg2p-8fh8: A "missing serialization" error in the unix_dgram_recvmsg function in Linux 22022-05-03
CVEList
CVE-2004-1068: A "missing serialization" error in the unix_dgram_recvmsg function in Linux 22004-12-01

📋Vendor Advisories

2
Ubuntu
Linux kernel vulnerabilities2004-12-15
Red Hat
security flaw2004-11-15

💬Community

4
Bugzilla
CVE-2004-1068 security flaw2018-08-16
Bugzilla
CAN-2004-1068 Missing serialisation in unix_dgram_recvmsg (ia64)2004-11-24
Bugzilla
CAN-2004-1068 Missing serialisation in unix_dgram_recvmsg2004-11-24
Bugzilla
CAN-2004-1068 Missing serialisation in unix_dgram_recvmsg2004-11-24
CVE-2004-1068 — Race Condition in Linux Kernel | cvebase