CVE-2008-1294
Severity: Unknown | EPSS: 0.53%
CVE-2008-1294 is a vulnerability of currently unknown severity. Linux kernel 2.6.17, and other versions before 2.6.22, does not check when a user attempts to set RLIMIT_CPU to 0 until after the change is made, which allows local users to bypass intended resource limits. EPSS estimates a 0.53% chance of exploitation in the next 30 days.
Description
Linux kernel 2.6.17, and other versions before 2.6.22, does not check when a user attempts to set RLIMIT_CPU to 0 until after the change is made, which allows local users to bypass intended resource limits.
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Linux | Linux Kernel | <= 2.6.21 | Rc7 |
| Linux | Linux Kernel | 2.6.2 | — |
| Linux | Linux Kernel | 2.6.16 | — |
| Linux | Linux Kernel | 2.6.16.1 | — |
| Linux | Linux Kernel | 2.6.16.2 | — |
| Linux | Linux Kernel | 2.6.16.3 | — |
| Linux | Linux Kernel | 2.6.16.4 | — |
| Linux | Linux Kernel | 2.6.16.5 | — |
| Linux | Linux Kernel | 2.6.16.6 | — |
| Linux | Linux Kernel | 2.6.16.7 | — |
| Linux | Linux Kernel | 2.6.16.8 | — |
| Linux | Linux Kernel | 2.6.16.9 | — |
| Linux | Linux Kernel | 2.6.16.10 | — |
| Linux | Linux Kernel | 2.6.16.11 | — |
| Linux | Linux Kernel | 2.6.16.12 | — |
| Linux | Linux Kernel | 2.6.16.13 | — |
| Linux | Linux Kernel | 2.6.16.14 | — |
| Linux | Linux Kernel | 2.6.16.15 | — |
| Linux | Linux Kernel | 2.6.16.16 | — |
| Linux | Linux Kernel | 2.6.16.17 | — |
| Linux | Linux Kernel | 2.6.16.18 | — |
| Linux | Linux Kernel | 2.6.16.19 | — |
| Linux | Linux Kernel | 2.6.16.20 | — |
| Linux | Linux Kernel | 2.6.16.21 | — |
| Linux | Linux Kernel | 2.6.16.22 | — |
| Linux | Linux Kernel | 2.6.16.23 | — |
| Linux | Linux Kernel | 2.6.16.24 | — |
| Linux | Linux Kernel | 2.6.16.25 | — |
| Linux | Linux Kernel | 2.6.16.26 | — |
| Linux | Linux Kernel | 2.6.16.27 | — |
| Linux | Linux Kernel | 2.6.16.28 | — |
| Linux | Linux Kernel | 2.6.16.29 | — |
| Linux | Linux Kernel | 2.6.16.30 | — |
| Linux | Linux Kernel | 2.6.16.31 | — |
| Linux | Linux Kernel | 2.6.16.32 | — |
| Linux | Linux Kernel | 2.6.16.33 | — |
| Linux | Linux Kernel | 2.6.16.34 | — |
| Linux | Linux Kernel | 2.6.16.35 | — |
| Linux | Linux Kernel | 2.6.16.36 | — |
| Linux | Linux Kernel | 2.6.16.37 | — |
| Linux | Linux Kernel | 2.6.16.38 | — |
| Linux | Linux Kernel | 2.6.16.39 | — |
| Linux | Linux Kernel | 2.6.16.40 | — |
| Linux | Linux Kernel | 2.6.16.41 | — |
| Linux | Linux Kernel | 2.6.16.43 | — |
| Linux | Linux Kernel | 2.6.16.44 | — |
| Linux | Linux Kernel | 2.6.16.45 | — |
| Linux | Linux Kernel | 2.6.16.46 | — |
| Linux | Linux Kernel | 2.6.16.47 | — |
| Linux | Linux Kernel | 2.6.16.48 | — |
Showing 50 of 105 affected configurations. See NVD for the full list.
Frequently Asked Questions
What is CVE-2008-1294?
Linux kernel 2.6.17, and other versions before 2.6.22, does not check when a user attempts to set RLIMIT_CPU to 0 until after the change is made, which allows local users to bypass intended resource limits.
How severe is CVE-2008-1294?
Severity scoring for CVE-2008-1294 is pending analysis. The EPSS model estimates a 0.53% probability of exploitation in the next 30 days.
How do I fix CVE-2008-1294?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Source: NVD / NIST
