{"id":"CVE-2018-1121","details":"procps-ng, procps is vulnerable to a process hiding through race condition. Since the kernel's proc_pid_readdir() returns PID entries in ascending numeric order, a process occupying a high PID can use inotify events to determine when the process list is being scanned, and fork/exec to obtain a lower PID, thus avoiding enumeration. An unprivileged attacker can hide a process from procps-ng's utilities by exploiting a race condition in reading /proc/PID entries. This vulnerability affects procps and procps-ng up to version 3.3.15, newer versions might be affected also.","modified":"2026-04-10T04:04:23.825035Z","published":"2018-06-13T20:29:00.337Z","references":[{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/104214"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1121"},{"type":"EVIDENCE","url":"https://www.exploit-db.com/exploits/44806/"},{"type":"EVIDENCE","url":"https://www.qualys.com/2018/05/17/procps-ng-audit-report-advisory.txt"},{"type":"EVIDENCE","url":"http://seclists.org/oss-sec/2018/q2/122"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.com/procps-ng/procps","events":[{"introduced":"0"},{"last_affected":"7bb949bcba13c107fa0f45d2d0298b1ad6b6d6cc"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.3.15"}]}}],"versions":["v3.3.0","v3.3.1","v3.3.10","v3.3.11","v3.3.12","v3.3.13","v3.3.13rc1","v3.3.14","v3.3.15","v3.3.2","v3.3.3","v3.3.4","v3.3.5","v3.3.6","v3.3.7","v3.3.8","v3.3.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-1121.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}