Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-3547

CWE-362Race ConditionCWE-476NULL Pointer DereferenceCWE-672CWE-66212 documents8 sources
Severity
7.0HIGH
EPSS
3.2%
top 13.10%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
14
Linux Linux KernelCanonical Ubuntu LinuxFedoraproject Fedora+11 more
Timeline
PublishedNov 4
Latest updateMay 2

Description

Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.0 | Impact: 5.9

Affected Packages11 packages

NVDlinux/linux_kernel2.6.31.14+1
NVDopensuse/opensuse11.0, 11.2+1
NVDredhat/enterprise_linux_server3.0, 4.0, 5.0+2
NVDredhat/enterprise_linux_desktop3.0, 4.0, 5.0+2

Also affects: Ubuntu Linux 6.06, 8.04, 8.10, 9.04, 9.10, Enterprise Linux 4.8, 5.4, Fedora 10

Patches

Patch: lkml.orgPatch: bugzilla.redhat.comPatch: lkml.org

🔴Vulnerability Details

3
GHSA
GHSA-qf89-p9hj-7h7g: Multiple race conditions in fs/pipe2022-05-02
CVEList
CVE-2009-3547: Multiple race conditions in fs/pipe2009-11-04
VulnCheck
Linux Kernel Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')2009

💥Exploits & PoCs

5
Exploit-DB
Linux Kernel 2.6.10 < 2.6.31.5 - 'pipe.c' Local Privilege Escalation2013-12-16
Exploit-DB
Linux Kernel 2.6.32 - 'pipe.c' Local Privilege Escalation (4)2009-11-12
Exploit-DB
Linux Kernel 2.4.1 < 2.4.37 / 2.6.1 < 2.6.32-rc5 - 'pipe.c' Local Privilege Escalation (3)2009-11-05
Exploit-DB
Linux Kernel 2.6.0 < 2.6.31 - 'pipe.c' Local Privilege Escalation (1)2009-11-03
Exploit-DB
Linux Kernel 2.6.x - 'pipe.c' Local Privilege Escalation (2)2009-11-03

📋Vendor Advisories

2
Ubuntu
Linux kernel vulnerabilities2009-12-05
Red Hat
kernel: fs: pipe.c null pointer dereference2009-10-14

💬Community

1
Bugzilla
CVE-2009-3547 kernel: fs: pipe.c null pointer dereference2009-10-23
CVE-2009-3547 (HIGH CVSS 7) | Multiple race conditions in fs/pipe | cvebase.io