CVE-2008-5182

Publication date 21 November 2008

Last updated 24 July 2024

Ubuntu priority

The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might allow local users to gain privileges via unknown vectors related to race conditions in inotify watch removal and umount.

From the Ubuntu Security Team

It was discovered that the inotify subsystem contained watch removal race conditions. A local attacker could exploit this to crash the system, leading to a denial of service.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
linux	8.10 intrepid	Fixed 2.6.27-11.27
	8.04 LTS hardy	Fixed 2.6.24-23.48
	7.10 gutsy	Not in release
	6.06 LTS dapper	Not in release
linux-source-2.6.15	8.10 intrepid	Not in release
	8.04 LTS hardy	Not in release
	7.10 gutsy	Not in release
	6.06 LTS dapper	Fixed 2.6.15-53.75
linux-source-2.6.22	8.10 intrepid	Not in release
	8.04 LTS hardy	Not in release
	7.10 gutsy	Fixed 2.6.22-16.61
	6.06 LTS dapper	Not in release

References

Related Ubuntu Security Notices (USN)

USN-715-1
Linux kernel vulnerabilities
29 January 2009

USN-714-1
Linux kernel vulnerabilities
29 January 2009

Other references

https://www.cve.org/CVERecord?id=CVE-2008-5182