The /proc filesystem is not a reliable mechanism to account for processes running on a system, as it is unable to offer snapshot semantics. Short-lived processes have always been able to escape detection by tools that monitor /proc. This CVE simply identifies a reliable way to do so using inotify.
Process accounting for security purposes, or with a requirement to record very short-running processes and those attempting to evade detection, should be performed with more robust methods such as auditd(8) (the Linux Audit Daemon) or systemtap.
CVSS v3 metrics
NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.
| Metric | Value |
|---|---|
| CVSS3 Base Score | 3.9 |
| CVSS3 Base Metrics | CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L |
Affected Packages State
| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 8 | procps-ng | Will not fix |
| Red Hat Enterprise Linux 7 | procps-ng | Will not fix |
| Red Hat Enterprise Linux 6 | procps | Will not fix |
| Red Hat Enterprise Linux 5 | procps | Will not fix |