CVE-2006-5158 — Improper Locking in Kernel

CWE-667 — Improper Locking CWE-833 — Deadlock7 documents6 sources

Severity

7.5HIGHNVD

EPSS

4.0%

top 11.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

6

Linux Kernel Canonical Ubuntu Linux Redhat Enterprise Linux Desktop +3 more

Timeline

PublishedOct 5

Latest updateMay 1

Description

The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (process crash) and deny access to NFS exports via unspecified vectors that trigger a kernel oops (null dereference) and a deadlock.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶NVDlinux/linux_kernel< 2.6.16

▶NVDredhat/enterprise_linux_server4.0

▶NVDredhat/enterprise_linux_desktop4.0

▶NVDredhat/enterprise_linux_workstation4.0

Also affects: Ubuntu Linux 5.10, 6.06, 6.10, Enterprise Linux 4.5

Patches

Patch: marc.info ↗Patch: www.mandriva.com ↗Patch: marc.info ↗

🔴Vulnerability Details

1

GHSA

GHSA-339c-xph3-fj7g: The nlmclnt_mark_reclaim in clntlock↗2022-05-01

▶

📋Vendor Advisories

2

Ubuntu

Linux kernel vulnerabilities↗2006-12-14

▶

Red Hat

NFS lockd deadlock↗2006-09-28

▶

📐Framework References

2

CWE

Deadlock↗

▶

CWE

Improper Locking↗

▶

💬Community

1

Bugzilla

CVE-2006-5158 NFS lockd deadlock↗2007-06-08

▶