How severe is CVE-2018-1121?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2018-1121?

This is classified as CWE-367, which is a common weakness in software security.

CVE-2018-1121 - MEDIUM Severity | CVSS 5.9

Vulnerability Description

procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also.

Related Vulnerabilities

CVE-2019-18644

MEDIUM

CVSS:5.9(Medium)

The malware scan function in Total Defense Anti-virus 11.5.2.28 is vulnerable to a TOCTOU bug; consequently, symbolic link attacks allow privileged files to be deleted.

CWE-3672019

CVE-2019-20000

MEDIUM

CVSS:5.9(Medium)

The malware scan function in BullGuard Premium Protection 20.0.371.8 has a TOCTOU issue that enables a symbolic link attack, allowing privileged files to be deleted.

CWE-3672019

CVE-2020-3808

MEDIUM

CVSS:5.9(Medium)

Creative Cloud Desktop Application versions 5.0 and earlier have a time-of-check to time-of-use (toctou) race condition vulnerability. Successful exploitation could lead to arbitrary file deletion.

CWE-3672020

CVE-2020-8890

MEDIUM

CVSS:5.9(Medium)

An issue was discovered in MISP before 2.4.121. It mishandled time skew (between the machine hosting the web server and the machine hosting the database) when trying to block a brute-force series of i...

CWE-3672020

CVE-2021-30342

MEDIUM

CVSS:5.9(Medium)

Improper integrity check can lead to race condition between tasks PDCP and RRC? after a valid RRC Command packet has been received in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snap...

CWE-3672021

CVE-2021-30343

MEDIUM

CVSS:5.9(Medium)

CWE-3672021