#VU92682 Concurrent execution using shared resource with improper synchronization ('race condition') in Linux kernel - CVE-2008-4307

Cybersecurity Help s.r.o.

Published: 2009-01-13 | Updated: 2023-02-13

Vulnerability identifier: #VU92682

Vulnerability risk: Low

CVSSv4.0: 1.9 [CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2008-4307

CWE-ID: CWE-362

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Linux kernel
Operating systems & Components / Operating system

Vendor: Linux Foundation

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to concurrent execution using shared resource with improper synchronization ('race condition') error. A local user can perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's repository.

Vulnerable software versions

Linux kernel: All versions

External links
https://bugzilla.redhat.com/show_bug.cgi?id=456282
https://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26
https://openwall.com/lists/oss-security/2009/01/13/1
https://www.ubuntu.com/usn/usn-751-1
https://www.redhat.com/support/errata/RHSA-2009-0451.html
https://secunia.com/advisories/34917
https://rhn.redhat.com/errata/RHSA-2009-0459.html
https://secunia.com/advisories/34981
https://www.debian.org/security/2009/dsa-1787
https://secunia.com/advisories/34962
https://www.debian.org/security/2009/dsa-1794
https://secunia.com/advisories/35011
https://secunia.com/advisories/35015
https://rhn.redhat.com/errata/RHSA-2009-0473.html
https://www.vupen.com/english/advisories/2009/3316
https://www.vmware.com/security/advisories/VMSA-2009-0016.html
https://secunia.com/advisories/37471
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9233
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7728
https://www.securityfocus.com/archive/1/507985/100/0/threaded
https://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git%3Ba=commit%3Bh=c4d7c402b788b73dc24f1e54a57f89d3dc5eb7bc

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Concurrent execution using shared resource with improper synchronization ('race condition') in Linux kernel