Bug 248754 (CVE-2008-5182) - Linux: < inotify race conditions (CVE-2008-5182)
Summary: Linux: < inotify race conditions (CVE-2008-5182)
Alias: CVE-2008-5182
Product: Gentoo Security
Classification: Unclassified
Component: Kernel
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
Whiteboard: [linux <]
Depends on:
Reported: 2008-11-25 09:16 UTC by Stefan Behte (RETIRED)
Modified: 2013-09-05 03:49 UTC
Description Stefan Behte (RETIRED) gentoo-dev Security 2008-11-25 09:16:53 UTC
CVE-2008-5182 (
  The inotify functionality in Linux kernel 2.6 before 2.6.28-rc5 might
  allow local users to gain privileges via unknown vectors related to
  race conditions in inotify watch removal and umount.
Comment 3 Axel Dyks 2008-12-06 22:53:22 UTC
Argh! It's .26 not .27 sorry.
Comment 4 Axel Dyks 2008-12-08 01:04:36 UTC
(In reply to comment #3)
> Argh! It's .26 not .27 sorry.

Daniel just added this patch to genpatches (Version 5) for 2.6.26 and has released 2.6.26-r4 (already stable on x86/amd64).

Does this mean the bug can be closed?

Comment 5 Kerin Millar 2009-07-21 00:25:02 UTC
Amended the Status Whiteboard. hardened-kernel unaffected at present time. Removing alias.

PS: genpatches-2.6.27-7 added and, as Axel pointed out, >=genpatches-2.6.26-5 is unaffected. =genpatches-2.6.25* remains vulnerable.
However, hardened-sources-2.6.25-r13 does not because we independently folded
in the same patch.