Race condition in the ptrace and utrace support in the Linux kernel 2.6.9
through 2.6.25, as used in Red Hat Enterprise Linux (RHEL) 4, allows local
users to cause a denial of service (oops) via a long series of
PTRACE_ATTACH ptrace calls to another user's process that trigger a
conflict between utrace_detach and report_quiescent, related to "late
ptrace_may_attach() check" and "race around &dead_engine_ops setting," a
different vulnerability than CVE-2007-0771 and CVE-2008-1514. NOTE: this
issue might only affect kernel versions before 2.6.16.x.
A race condition was discovered between ptrace and utrace in the kernel.
A local attacker could exploit this to crash the system, leading to a
denial of service.
|Upstream:||linux-2.6: 5ecfbae093f0c37311e89b29bfc0c9d586eace87 (N/A)|
Updated: 2016-01-26 17:31:03 UTC (commit 10507)