Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2018-1121

LOW
Published 2018-06-13T20:00:00
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2018-1121. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.0
3.9
/10
CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14
0.013
probability
of exploitation in the wild

There is a 1.3% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25
Exploit Probability
Percentile: 0.784
Higher than 78.4% of all CVEs

Attack Vector Metrics

Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED

Impact Metrics

Confidentiality
NONE
Integrity
LOW
Availability
LOW

Description

procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

[UNKNOWN]

procps-ng, procps

Affected Versions:

up to procps-ng 3.3.15 and newer

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed MODERATE

GHSA-2r59-6pxx-3wqv

Advisory Details

procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also.

CVSS Scoring

CVSS Score

5.0

CVSS Vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2018-1121
WEB https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1121
WEB https://www.exploit-db.com/exploits/44806
WEB https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
WEB http://seclists.org/oss-sec/2018/q2/122
WEB http://www.securityfocus.com/bid/104214

Advisory provided by GitHub Security Advisory Database. Published: May 13, 2022, Modified: May 13, 2022

References

https://www.exploit-db.com/exploits/44806/
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1121
http://www.securityfocus.com/bid/104214
http://seclists.org/oss-sec/2018/q2/122
https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt
Published: 2018-06-13T20:00:00
Last Modified: 2024-08-05T03:51:48.742Z
Copied to clipboard!