Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-1961Improper Locking in Kernel

CWE-667Improper LockingCWE-362Race Condition7 documents7 sources
Severity
4.7MEDIUMNVD
EPSS
0.1%
top 71.18%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
7
Linux KernelCanonical Ubuntu LinuxDebian Linux+4 more
Timeline
PublishedJun 8
Latest updateMay 2

Description

The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before 2.6.29.4, and possibly other versions down to 2.6.19 allows local users to cause a denial of service (prevention of file creation and removal) via a series of splice system calls that trigger a deadlock between the generic_file_splice_write, splice_from_pipe, and ocfs2_file_splice_write functions.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.0 | Impact: 3.6

Affected Packages4 packages

NVDlinux/linux_kernel2.6.272.6.27.24+3
NVDopensuse/opensuse10.3, 11.1+1

Also affects: Debian Linux 4.0, Linux Enterprise 11.0, Ubuntu Linux 6.06, 8.04, 8.10, 9.04

Patches

Patch: www.debian.orgPatch: www.openwall.comPatch: www.openwall.com

🔴Vulnerability Details

2
GHSA
GHSA-53cw-7857-2j7g: The inode double locking code in fs/ocfs2/file2022-05-02
CVEList
CVE-2009-1961: The inode double locking code in fs/ocfs2/file2009-06-06

💥Exploits & PoCs

1
Exploit-DB
Linux Kernel 2.6.x - 'splice(2)' Double Lock Local Denial of Service2009-05-29

📋Vendor Advisories

2
Ubuntu
Linux kernel vulnerabilities2009-07-02
Red Hat
kernel: splice local denial of service2009-04-06

💬Community

1
Bugzilla
CVE-2009-1961 kernel: splice local denial of service2009-06-01
CVE-2009-1961 — Improper Locking in Linux Kernel | cvebase