CVE-2008-2944
CVE-2008-2944 is a medium-severity vulnerability in Fedoraproject Fedora Core with a CVSS 2.0 base score of 4.9. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-415.
Key facts
- Severity: Medium (CVSS 2.0 base score 4.9)
- EPSS exploit prediction: 0% (34th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-415
- Affected product: Fedoraproject Fedora Core
- Published:
- Last modified:
Description
Double free vulnerability in the utrace support in the Linux kernel, probably 2.6.18, in Red Hat Enterprise Linux (RHEL) 5 and Fedora Core 6 (FC6) allows local users to cause a denial of service (oops), as demonstrated by a crash when running the GNU GDB testsuite, a different vulnerability than CVE-2008-2365.
Frequently asked questions
- What is CVE-2008-2944?
- Double free vulnerability in the utrace support in the Linux kernel, probably 2.6.18, in Red Hat Enterprise Linux (RHEL) 5 and Fedora Core 6 (FC6) allows local users to cause a denial of service (oops), as demonstrated by a crash when running the GNU GDB testsuite, a different vulnerability than CVE-2008-2365.
- How severe is CVE-2008-2944?
- CVE-2008-2944 has a CVSS 2.0 base score of 4.9, rated medium severity.
- Is CVE-2008-2944 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 0% (34th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2008-2944?
- CVE-2008-2944 primarily affects Fedoraproject Fedora Core. In total, 3 product configurations (CPEs) are listed as vulnerable; see the affected-products list for the exact versions.
- How do I fix CVE-2008-2944?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround.
- When was CVE-2008-2944 published?
- CVE-2008-2944 was published on 2008-06-30 and last updated on 2026-06-16.
References
- https://bugzilla.redhat.com/show_bug.cgi?id=207002
- https://bugzilla.redhat.com/show_bug.cgi?id=449359
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43556
Affected products (3)
- cpe:2.3:o:fedoraproject:fedora_core:6:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.18:-:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*
More vulnerabilities in Fedoraproject Fedora Core
- CVE-2006-5170 — High (CVSS 7.5): pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does…
- CVE-2007-1321 — High (CVSS 7.2): Integer signedness error in the NE2000 emulator in QEMU 0.8.2, as used in Xen and possibly other products, allows local…
- CVE-2007-1320 — High (CVSS 7.2): Multiple heap-based buffer overflows in the cirrus_invalidate_region function in the Cirrus VGA extension in QEMU…
- CVE-2007-3103 — Medium (CVSS 6.2): The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change…
- CVE-2007-3847 — Medium (CVSS 5.0): The date handling code in modules/proxy/proxy_util.c (mod_proxy) in Apache 2.3.0, when using a threaded MPM, allows…
- CVE-2005-2970 — Medium (CVSS 5.0): Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a…
All CVEs affecting Fedoraproject Fedora Core →
Other CWE-415 (Double Free) vulnerabilities
- CVE-2018-0101 — Critical (CVSS 10.0): A vulnerability in the Secure Sockets Layer (SSL) VPN functionality of the Cisco Adaptive Security Appliance (ASA)…
- CVE-2026-8925 — Critical (CVSS 9.8): The curl logic that works with SASL authentication could end up cleaning up the GSASL context *twice* without clearing…
- CVE-2020-37239 — Critical (CVSS 9.8): libbabl 0.1.62 contains a broken double free detection vulnerability that allows attackers to bypass memory safety…
- CVE-2026-43011 — Critical (CVSS 9.8): In the Linux kernel, the following vulnerability has been resolved: net/x25: Fix potential double free of skb When…
- CVE-2026-31609 — Critical (CVSS 9.8): In the Linux kernel, the following vulnerability has been resolved: smb: client: avoid double-free in…
- CVE-2026-31608 — Critical (CVSS 9.8): In the Linux kernel, the following vulnerability has been resolved: smb: server: avoid double-free in…