CVE-2008-2365

Linux kernel 2.6.9-2.6.25 - Denial of Service via PTRACE_ATTACH Race Condition

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2008-2365. PoCs published by Alexei Dobryanov.

AI-analyzed exploit summary This exploit leverages a race condition in the Linux kernel's ptrace system call to trigger a local denial-of-service (DoS). It repeatedly attaches and detaches to a child process, causing the kernel to become unresponsive.

Description

Race condition in the ptrace and utrace support in the Linux kernel 2.6.9 through 2.6.25, as used in Red Hat Enterprise Linux (RHEL) 4, allows local users to cause a denial of service (oops) via a long series of PTRACE_ATTACH ptrace calls to another user's process that trigger a conflict between utrace_detach and report_quiescent, related to "late ptrace_may_attach() check" and "race around &dead_engine_ops setting," a different vulnerability than CVE-2007-0771 and CVE-2008-1514. NOTE: this issue might only affect kernel versions before 2.6.16.x.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Alexei Dobryanov · cdoslinux
https://www.exploit-db.com/exploits/31966

This exploit leverages a race condition in the Linux kernel's ptrace system call to trigger a local denial-of-service (DoS). It repeatedly attaches and detaches to a child process, causing the kernel to become unresponsive.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Racy
Target: Linux kernel (versions affected by CVE-2008-2365)
No auth needed
Prerequisites: Local access to the target system · Ability to execute binary code
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by Alexei Dobryanov · cdoslinux
https://www.exploit-db.com/exploits/31965

This exploit leverages a race condition in the Linux kernel by repeatedly attaching to a target process via ptrace, causing a local denial-of-service (DoS). The vulnerability arises from improper handling of the PTRACE_ATTACH request.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Racy
Target: Linux kernel (versions affected by CVE-2008-2365)
No auth needed
Prerequisites: Local access to the target system · Process ID (PID) of a target process
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (17)

Core 17
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/43567
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id?1020362
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/29945
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/07/14/1
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/3965
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10749
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/30850
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=449359
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/31107
Patch mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2008/06/26/1
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-625-1
Patch vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2008-0508.html
Mailing List mailing-list x_refsource_mlist
http://marc.info/?l=linux-kernel&m=117863520707703&w=2

Scores

EPSS 0.0053
EPSS Percentile 40.2%

Details

CWE
CWE-362
Status published
Products (32)
linux/linux_kernel 2.6.9
linux/linux_kernel 2.6.10 (2 CPE variants)
linux/linux_kernel 2.6.11 (4 CPE variants)
linux/linux_kernel 2.6.11.4
linux/linux_kernel 2.6.11.5
linux/linux_kernel 2.6.11.6
linux/linux_kernel 2.6.11.7
linux/linux_kernel 2.6.11.8
linux/linux_kernel 2.6.11.11
linux/linux_kernel 2.6.11.12
... and 22 more
Published Jun 30, 2008
Tracked Since Feb 18, 2026