Vulnerability Details: CVE-2009-1388
The ptrace_start function in kernel/ptrace.c in the Linux kernel 2.6.18 does not properly handle simultaneous execution of the do_coredump function, which allows local users to cause a denial of service (deadlock) via vectors involving the ptrace system call and a coredumping thread.
Vulnerability category: Denial of service
Products affected by CVE-2009-1388
- cpe:2.3:o:linux:linux_kernel:2.6.18:*:*:*:*:*:*:*
Threat overview for CVE-2009-1388
- Top open port discovered on systems with this issue: 5000
- IPs affected by CVE-2009-1388: 142
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2009-1388
- 0.05%: probability of exploitation activity in the next 30 days
- ~ 19%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-1388
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.9 | MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C | 3.9 | 6.9 | NIST | |
5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H | 1.8 | 3.6 | NIST | 2024-02-15 |
CWE ids for CVE-2009-1388
- The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently. Assigned by: nvd@nist.gov (Primary)
- The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors. Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2009-1388
- Red Hat, 2009-08-05: This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and Red Hat Enterprise MRG. It was addressed in Red Hat Enterprise 5 via: https://rhn.redhat.com/errata/RHSA-2009-1193.html
References for CVE-2009-1388
- https://bugzilla.redhat.com/attachment.cgi?id=346615 (Mailing List; Patch)
- http://www.vmware.com/security/advisories/VMSA-2009-0016.html: VMSA-2009-0016.6 (Third Party Advisory)
- http://www.vupen.com/english/advisories/2009/3316 (Broken Link)
- http://www.redhat.com/support/errata/RHSA-2009-1193.html (Broken Link)
- http://secunia.com/advisories/36131 (Broken Link)
- http://osvdb.org/55679 (Broken Link)
- http://marc.info/?l=oss-security&m=124654277229434&w=2: '[oss-security] CVE-2009-1388 kernel: do_coredump() vs ptrace_start() deadlock' - MARC (Mailing List; Patch)
- https://bugzilla.redhat.com/show_bug.cgi?id=504263: 504263 – (CVE-2009-1388) CVE-2009-1388 kernel: do_coredump() vs ptrace_start() deadlock (Issue Tracking; Patch)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8625 (Broken Link)
- https://bugzilla.redhat.com/attachment.cgi?id=346742 (Patch)
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8680 (Broken Link)
- http://secunia.com/advisories/37471 (Broken Link)
- http://www.securityfocus.com/bid/35559 (Broken Link; Third Party Advisory; VDB Entry)
- http://www.securityfocus.com/archive/1/507985/100/0/threaded (Broken Link; Third Party Advisory; VDB Entry)