Published: 09/11/2009 Updated: 13/02/2023

CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10

VMScore: 785

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel prior to 2.6.31-rc4 allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect file attributes, which trigger attempted use of an open file that lacks NFSv4 state.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linux linux kernel 2.6.27.12
linux linux kernel 2.6.20.6
linux linux kernel 2.6.28
linux linux kernel 2.6.25.4
linux linux kernel 2.6.25.11
linux linux kernel 2.4.15
linux linux kernel 2.6.20.9
linux linux kernel 2.6.26
linux linux kernel 2.4.30
linux linux kernel 2.6.18
linux linux kernel 2.6.29
linux linux kernel 2.6.11
linux linux kernel 2.6.25.9
linux linux kernel 2.6.23.4
linux linux kernel 2.6.22.15
linux linux kernel 2.6.16.16
linux linux kernel 2.6.18.7
linux linux kernel 2.6.17.12
linux linux kernel 2.6.16.39
linux linux kernel 2.6.27.3
linux linux kernel 2.6.29.3
linux linux kernel 2.6.21
linux linux kernel 2.6.16.9
linux linux kernel 2.4.35.2
linux linux kernel 2.6.17.9
linux linux kernel 2.6.11.2
linux linux kernel 2.6.27.1
linux linux kernel 2.6.15.3
linux linux kernel 2.4.11
linux linux kernel 2.6.11.10
linux linux kernel 2.4.34.6
linux linux kernel 2.6.24.7
linux linux kernel 2.4.37.2
linux linux kernel 2.6.1
linux linux kernel 2.6.16.43
linux linux kernel 2.6.16.6
linux linux kernel 2.4.32
linux linux kernel 2.6.16.8
linux linux kernel 2.6.20.13
linux linux kernel 2.6.22.4
linux linux kernel 2.6.14.7
linux linux kernel 2.6.13
linux linux kernel 2.6.17.2
linux linux kernel 2.6.13.3
linux linux kernel 2.6.23.13
linux linux kernel 2.6.11.8
linux linux kernel 2.6.24.2
linux linux kernel 2.4.36.6
linux linux kernel 2.4.26
linux linux kernel 2.6.26.5
linux linux kernel 2.6.16.34
linux linux kernel 2.6.25.20
linux linux kernel 2.4.37.4
linux linux kernel 2.6.22.21
linux linux kernel 2.6.25.12
linux linux kernel 2.6.23.7
linux linux kernel 2.6.30
linux linux kernel 2.6.17.8
linux linux kernel 2.6.14.4
linux linux kernel 2.6.14
linux linux kernel 2.6.25.5
linux linux kernel 2.6.17.4
linux linux kernel 2.6.16.18
linux linux kernel 2.6.17.14
linux linux kernel 2.6.10
linux linux kernel 2.6.23.8
linux linux kernel 2.6.25
linux linux kernel 2.4.12
linux linux kernel 2.6.27
linux linux kernel 2.6.16.45
linux linux kernel 2.6.22.12
linux linux kernel 2.6.25.18
linux linux kernel 2.6.14.3
linux linux kernel 2.6.24
linux linux kernel 2.6.18.3
linux linux kernel 2.6.25.8
linux linux kernel 2.6.16.37
linux linux kernel 2.4.13
linux linux kernel 2.6.11.6
linux linux kernel 2.6.16.48
linux linux kernel 2.6.11.11
linux linux kernel 2.6.16.13
linux linux kernel 2.6.27.10
linux linux kernel 2.6.21.6
linux linux kernel 2.6.26.6
linux linux kernel 2.4.36.2
linux linux kernel 2.6.22.1
linux linux kernel 2.6.16.4
linux linux kernel 2.6.23.16
linux linux kernel 2.6.17.3
linux linux kernel 2.6.24.1
linux linux kernel 2.4.17
linux linux kernel 2.6.20.5
linux linux kernel 2.6.25.6
linux linux kernel 2.6.22
linux linux kernel 2.6.28.4
linux linux kernel 2.6.16.15
linux linux kernel 2.6.15.6
linux linux kernel 2.6.26.3
linux linux kernel 2.6.20.16
linux linux kernel 2.6.15.1
linux linux kernel 2.6.11.5
linux linux kernel 2.6.28.2
linux linux kernel 2.6.19.3
linux linux kernel 2.4.21
linux linux kernel 2.6.27.4
linux linux kernel 2.6.19.4
linux linux kernel 2.6.25.13
linux linux kernel 2.6.28.5
linux linux kernel 2.6.19.1
linux linux kernel 2.6.18.4
linux linux kernel 2.6.16.1
linux linux kernel 2.6.18.1
linux linux kernel 2.6.20.21
linux linux kernel 2.6.31
linux linux kernel 2.4.23
linux linux kernel 2.4.35.1
linux linux kernel 2.6.23.1
linux linux kernel 2.6.2
linux linux kernel 2.6.14.5
linux linux kernel 2.6.13.2
linux linux kernel 2.6.25.7
linux linux kernel 2.6.17.5
linux linux kernel 2.4.36.1
linux linux kernel 2.6.18.5
linux linux kernel 2.6.21.1
linux linux kernel 2.6.16.32
linux linux kernel 2.6.13.5
linux linux kernel 2.6.16.57
linux linux kernel 2.6.16.49
linux linux kernel 2.6.25.3
linux linux kernel 2.6.17
linux linux kernel 2.4.7
linux linux kernel 2.6.19.2
linux linux kernel 2.6.26.2
linux linux kernel 2.6.21.4
linux linux kernel 2.6.16.11
linux linux kernel 2.4.25
linux linux kernel 2.6.20.17
linux linux kernel 2.6.16.14
linux linux kernel 2.6.20.12
linux linux kernel 2.6.16.25
linux linux kernel 2.6.16.21
linux linux kernel 2.6.16.33
linux linux kernel 2.6.16.28
linux linux kernel 2.6.17.10
linux linux kernel 2.6.21.5
linux linux kernel 2.4.34.3
linux linux kernel 2.6.25.15
linux linux kernel 2.6.14.1
linux linux kernel 2.4.24
linux linux kernel 2.4.9
linux linux kernel 2.6.23.15
linux linux kernel 2.6.16.23
linux linux kernel 2.6.12.5
linux linux kernel 2.6.15.7
linux linux kernel 2.6.20
linux linux kernel 2.6.23.10
linux linux kernel 2.6.22.7
linux linux kernel 2.6.16.3
linux linux kernel 2.4.29
linux linux kernel 2.6.27.8
linux linux kernel 2.4.36.4
linux linux kernel 2.6.26.1
linux linux kernel 2.6.25.19
linux linux kernel 2.6.20.20
linux linux kernel 2.6.16.36
linux linux kernel 2.6.14.6
linux linux kernel 2.6.12.1
linux linux kernel 2.6.27.9
linux linux kernel 2.6.11.9
linux linux kernel 2.6.16.46
linux linux kernel 2.4.28
linux linux kernel 2.6.17.1
linux linux kernel 2.4.35.3
linux linux kernel 2.6.20.8
linux linux kernel 2.6.20.15
linux linux kernel 2.6.22.18
linux linux kernel 2.6.0
linux linux kernel 2.6.16.54
linux linux kernel 2.4.36.3
linux linux kernel 2.6.13.4
linux linux kernel 2.6.22.20
linux linux kernel 2.6.23
linux linux kernel 2.6.20.18
linux linux kernel 2.6.23.9
linux linux kernel
linux linux kernel 2.6.22.6
linux linux kernel 2.6.23.3
linux linux kernel 2.6.18.8
linux linux kernel 2.6.22.3
linux linux kernel 2.4.10
linux linux kernel 2.6.12.2
linux linux kernel 2.6.16.31
linux linux kernel 2.6.16.26
linux linux kernel 2.4.2
linux linux kernel 2.6.16.62
linux linux kernel 2.6.25.2
linux linux kernel 2.6.18.2
linux linux kernel 2.6.28.8
linux linux kernel 2.4.33
linux linux kernel 2.6.25.1
linux linux kernel 2.4.37.3
linux linux kernel 2.6.16.29
linux linux kernel 2.4.16
linux linux kernel 2.6.24.4
linux linux kernel 2.4.8
linux linux kernel 2.4.37
linux linux kernel 2.4.19
linux linux kernel 2.6.25.16
linux linux kernel 2.6.22.9
linux linux kernel 2.4.14
linux linux kernel 2.6.25.17
linux linux kernel 2.6.20.11
linux linux kernel 2.6.19
linux linux kernel 2.6.20.3
linux linux kernel 2.6.16
linux linux kernel 2.6.28.3
linux linux kernel 2.6.22.13
linux linux kernel 2.6.19.7
linux linux kernel 2.6.21.3
linux linux kernel 2.4.34.4
linux linux kernel 2.6.24.5
linux linux kernel 2.6.16.51
linux linux kernel 2.6.15.2
linux linux kernel 2.6.20.19
linux linux kernel 2.6.16.22
linux linux kernel 2.6.22.17
linux linux kernel 2.6.16.58
linux linux kernel 2.6.16.40
linux linux kernel 2.6.16.47
linux linux kernel 2.6.16.42
linux linux kernel 2.6.23.14
linux linux kernel 2.6.17.11
linux linux kernel 2.6.16.10
linux linux kernel 2.6.12.4
linux linux kernel 2.6.16.41
linux linux kernel 2.6.16.52
linux linux kernel 2.6.11.3
linux linux kernel 2.6.20.10
linux linux kernel 2.6.16.24
linux linux kernel 2.6.25.10
linux linux kernel 2.6.22.11
linux linux kernel 2.6.16.55
linux linux kernel 2.4.35.4
linux linux kernel 2.6.12.3
linux linux kernel 2.6.22.10
linux linux kernel 2.4.36.9
linux linux kernel 2.6.23.17
linux linux kernel 2.6.27.5
linux linux kernel 2.6.23.2
linux linux kernel 2.6.28.9
linux linux kernel 2.4.22
linux linux kernel 2.4.5
linux linux kernel 2.4.36.7
linux linux kernel 2.6.21.7
linux linux kernel 2.6.16.30
linux linux kernel 2.6.21.2
linux linux kernel 2.6.15.4
linux linux kernel 2.6.27.7
linux linux kernel 2.6.16.59
linux linux kernel 2.4.37.5
linux linux kernel 2.6.16.38
linux linux kernel 2.6.16.17
linux linux kernel 2.6.26.8
linux linux kernel 2.6.20.2
linux linux kernel 2.6.22.22
linux linux kernel 2.4.18
linux linux kernel 2.6.28.6
linux linux kernel 2.6.16.12
linux linux kernel 2.6.16.27
linux linux kernel 2.6.16.53
linux linux kernel 2.6.28.7
linux linux kernel 2.6.12.6
linux linux kernel 2.6.17.7
linux linux kernel 2.6.20.1
linux linux kernel 2.4.3
linux linux kernel 2.6.11.7
linux linux kernel 2.6.16.2
linux linux kernel 2.6.24.6
linux linux kernel 2.6.18.6
linux linux kernel 2.6.22_rc7
linux linux kernel 2.6.15
linux linux kernel 2.4.37.1
linux linux kernel 2.6.16.44
linux linux kernel 2.4.36
linux linux kernel 2.6.23.12
linux linux kernel 2.6.16.35
linux linux kernel 2.4.1
linux linux kernel 2.6.19.6
linux linux kernel 2.4.4
linux linux kernel 2.6.16.50
linux linux kernel 2.6.23.5
linux linux kernel 2.6.22.8
linux linux kernel 2.6.14.2
linux linux kernel 2.6.16.61
linux linux kernel 2.6.19.5
linux linux kernel 2.4.36.5
linux linux kernel 2.6.20.4
linux linux kernel 2.6.17.6
linux linux kernel 2.4.34.5
linux linux kernel 2.6.23.6
linux linux kernel 2.6.27.2
linux linux kernel 2.6.16.7
linux linux kernel 2.4.27
linux linux kernel 2.6.17.13
linux linux kernel 2.4.6
linux linux kernel 2.6.16.60
linux linux kernel 2.6.22.2
linux linux kernel 2.6.27.11
linux linux kernel 2.6.16.56
linux linux kernel 2.4.31
linux linux kernel 2.2.27
linux linux kernel 2.6.22.19
linux linux kernel 2.6.24.3
linux linux kernel 2.6.22_rc1
linux linux kernel 2.6.20.14
linux linux kernel 2.6.22.5
linux linux kernel 2.6.25.14
linux linux kernel 2.6.20.7
linux linux kernel 2.6.28.1
linux linux kernel 2.6.16.5
linux linux kernel 2.6.11.4
linux linux kernel 2.4.35.5
linux linux kernel 2.6.26.4
linux linux kernel 2.6.16.19
linux linux kernel 2.4.20
linux linux kernel 2.6.27.6
linux linux kernel 2.6.26.7
linux linux kernel 2.6.11.12
linux linux kernel 2.6.16.20
linux linux kernel 2.6.15.5
linux linux kernel 2.4.36.8
linux linux kernel 2.6.22.16
linux linux kernel 2.6.11.1
linux linux kernel 2.6.13.1
linux linux kernel 2.6.23.11
linux linux kernel 2.6.29.5
linux linux kernel 2.6.22.14
linux linux kernel 2.6
linux linux kernel 2.4.37.6
linux linux kernel 2.6.12

It was discovered that the AX25 network subsystem did not correctly check integer signedness in certain setsockopt calls A local attacker could exploit this to crash the system, leading to a denial of service Ubuntu 910 was not affected (CVE-2009-2909) ...

NOTE: This kernel update marks the final planned kernel security update for the 2618 kernel in the Debian release 'etch' Although security support for 'etch' officially ended on Feburary 15th, 2010, this update was already in preparation before that date A final update that includes fixes for these issues in the 2624 kernel is also in prepara ...

NOTE: This kernel update marks the final planned kernel security update for the 2624 kernel in the Debian release 'etch' Although security support for 'etch' officially ended on Feburary 15th, 2010, this update was already in preparation before that date Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial ...

/* Description of problem: execution of a particular program from the Arachne suite reliably causes a kernel panic due to a NULL-pointer dereference in nfs4_proc_lock() Version-Release number of selected component (if applicable): 2618-16421el5 How reproducible: always on NFSv4 mounted directories Steps to Reproduce: 1 wget www ...

CWE-399 http://www.openwall.com/lists/oss-security/2009/11/05/4 http://www.securityfocus.com/bid/36936 https://bugzilla.redhat.com/show_bug.cgi?id=529227 http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.31/ChangeLog-2.6.31-rc4 http://www.openwall.com/lists/oss-security/2009/11/05/1 http://www.spinics.net/linux/lists/linux-nfs/msg03357.html http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:329 http://www.redhat.com/support/errata/RHSA-2009-1670.html http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html http://secunia.com/advisories/37909 http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html http://www.ubuntu.com/usn/usn-864-1 http://www.debian.org/security/2010/dsa-2005 http://secunia.com/advisories/38834 http://lists.vmware.com/pipermail/security-announce/2010/000082.html http://www.vupen.com/english/advisories/2010/0528 http://secunia.com/advisories/38794 http://www.redhat.com/support/errata/RHSA-2010-0474.html http://secunia.com/advisories/40218 http://www.mandriva.com/security/advisories?name=MDVSA-2011:051 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9734 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6636 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d953126a28f97ec965d23c69fd5795854c048f30 https://nvd.nist.gov https://usn.ubuntu.com/864-1/https://www.exploit-db.com/exploits/10202/

Get Started

CVE-2009-3726

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect