A race condition was found in util-linux before 2.32.1 in the way su handled the management of child processes. A local authenticated attacker could use this flaw to kill other processes with root privileges under specific conditions.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-267,CWE-362,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| redhat | enterprise_linux_server_eus | 7.4 |
| redhat | enterprise_linux_server | 6.0 |
| redhat | enterprise_linux_server | 7.0 |
| util-linux_project | util-linux | * |
| redhat | enterprise_linux_desktop | 7.0 |
| redhat | enterprise_linux_workstation | 7.0 |
| redhat | enterprise_linux_server_aus | 7.3 |
| redhat | enterprise_linux_server_aus | 7.4 |
| redhat | enterprise_linux_workstation | 6.0 |
| redhat | enterprise_linux_server_eus | 7.5 |
| redhat | enterprise_linux_desktop | 6.0 |
| debian | debian_linux | 8.0 |
| redhat | enterprise_linux_server_eus | 7.3 |