CVE-2008-2148

The utimensat system call (sys_utimensat) in Linux kernel 2.6.22 and other versions before 2.6.25.3 does not check file permissions when certain UTIME_NOW and UTIME_OMIT combinations are used, which allows local users to modify file times of arbitrary files, possibly leading to a denial of service.

Published: May 12, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-2148
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 3.6
AV:L/AC:L/Au:N/C:N/I:P/A:P

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	2.6.22.15	2.6.22.15.x
linux / linux_kernel	2.6.22.4	2.6.22.4.x
linux / linux_kernel	2.6.22.21	2.6.22.21.x
linux / linux_kernel	2.6.22.12	2.6.22.12.x
linux / linux_kernel	2.6.22.1	2.6.22.1.x
linux / linux_kernel	2.6.22	2.6.22.x
linux / linux_kernel	2.6.22.7	2.6.22.7.x
linux / linux_kernel	2.6.22.18	2.6.22.18.x
linux / linux_kernel	2.6.22.20	2.6.22.20.x
linux / linux_kernel	2.6.22.6	2.6.22.6.x
linux / linux_kernel	2.6.22.3	2.6.22.3.x
linux / linux_kernel	2.6.22.9	2.6.22.9.x
linux / linux_kernel	2.6.22.13	2.6.22.13.x
linux / linux_kernel	2.6.22.17	2.6.22.17.x
linux / linux_kernel	2.6.22.11	2.6.22.11.x
linux / linux_kernel	2.6.22.10	2.6.22.10.x
linux / linux_kernel	2.6.22.8	2.6.22.8.x
linux / linux_kernel	2.6.22.2	2.6.22.2.x
linux / linux_kernel	2.6.22.19	2.6.22.19.x
linux / linux_kernel	2.6.22.5	2.6.22.5.x
linux / linux_kernel	2.6.22.16	2.6.22.16.x
linux / linux_kernel	2.6.22.14	2.6.22.14.x

Vulnerability Database

291,049

CVE-2008-2148