Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2008-2365 — Race Condition in Kernel
Severity
4.9MEDIUMNVD
NVD4.7
EPSS
0.7%
top 27.86%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedJun 30
Latest updateMay 1
Description
Race condition in the ptrace and utrace support in the Linux kernel 2.6.9 through 2.6.25, as used in Red Hat Enterprise Linux (RHEL) 4, allows local users to cause a denial of service (oops) via a long series of PTRACE_ATTACH ptrace calls to another user's process that trigger a conflict between utrace_detach and report_quiescent, related to "late ptrace_may_attach() check" and "race around &dead_engine_ops setting," a different vulnerability than CVE-2007-0771 and CVE-2008-1514. NOTE: this issu…
CVSS vector
AV:L/AC:M/C:N/I:N/A:CExploitability: 3.4 | Impact: 6.9
Affected Packages3 packages
Also affects: Enterprise Linux 4.0, 5.0