CVE-2007-0771 — Race Condition in Kernel

CWE-362 — Race Condition7 documents4 sources

Severity

4.9MEDIUMNVD

NVD4.7

EPSS

0.1%

top 80.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Redhat Enterprise Linux Redhat Enterprise Linux Desktop

Timeline

PublishedMay 2

Latest updateMay 1

Description

The utrace support in Linux kernel 2.6.18, and other versions, allows local users to cause a denial of service (system hang) related to "MT exec + utrace_attach spin failure mode," as demonstrated by ptrace-thrash.c.

CVSS vector

AV:L/AC:L/C:N/I:N/A:CExploitability: 3.9 | Impact: 6.9

Affected Packages2 packages

▶NVDlinux/linux_kernel123 versions+122

▶NVDredhat/enterprise_linux_desktop4.0

Also affects: Enterprise Linux 4.0, 5.0

Patches

Patch: www.redhat.com ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-64w9-gfhc-7qwj: The utrace support in Linux kernel 2↗2022-05-01

▶

GHSA

GHSA-rv47-5vwq-v454: Race condition in the ptrace and utrace support in the Linux kernel 2↗2022-05-01

▶

📋Vendor Advisories

Red Hat

kernel: ptrace: Crash on PTRACE_{ATTACH,DETACH} race↗2008-04-02

▶

Red Hat

Tracing execution of a threaded executable causes kernel BUG report↗2007-02-12

▶

💬Community

Bugzilla

CVE-2007-0771 utrace regression / denial of service↗2007-02-15

▶