CVE-2009-3726
published 2009-11-09CVE-2009-3726: The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel before 2.6.31-rc4 allows remote NFS servers to cause a denial of…
PriorityP342high7.8CVSS 2.0
AVNACLAuNCNINAC
EXPLOIT
EPSS
12.00%
95.6th percentile
The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel before 2.6.31-rc4 allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect file attributes, which trigger attempted use of an open file that lacks NFSv4 state.
Affected
342 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | <= 2.6.31 | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
CVSS provenance
nvdv2.07.8HIGHAV:N/AC:L/Au:N/C:N/I:N/A:C
vendor_redhat7.8HIGH
vendor_ubuntu4.9MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2009-12-05·CVSS 4.9
CVE-2009-3726 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Linux kernel vulnerabilities
It was discovered that the AX.25 network subsystem did not correctly
check integer signedness in certain setsockopt calls. A local attacker
could exploit this to crash the system, leading to a denial of service.
Ubuntu 9.10 was not affected. (CVE-2009-2909)
Jan Beulich discovered that the kernel could leak register contents to
32-bit processes that were switched to 64-bit mode. A local attacker
could run a specially crafted binary to read register values from an
earlier process, leading to a loss of privacy. (CVE-2009-2910)
Dave Jones discovered that the gdth SCSI driver did not correctly validate
array indexes in certain ioctl calls. A local attacker could exploit
this to crash the system or gain elevated privil
Red Hat
kernel: nfsv4: kernel panic in nfs4_proc_lock()
vendor_redhat·2008-10-22·CVSS 7.8
CVE-2009-3726 [HIGH] CWE-662 kernel: nfsv4: kernel panic in nfs4_proc_lock()
kernel: nfsv4: kernel panic in nfs4_proc_lock()
The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel before 2.6.31-rc4 allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect file attributes, which trigger attempted use of an open file that lacks NFSv4 state.
Statement: The Linux kernel as shipped with Red Hat Enterprise Linux 3 did not have support for NFSv4, and therefore is not affected by this issue. It was addressed in Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2010-0474.html, https://rhn.redhat.com/errata/RHSA-2009-1670.html and https://rhn.redhat.com/errata/RHSA-2009-1635.html respectively.
GHSA
GHSA-76cp-8jf4-8pv2: The nfs4_proc_lock function in fs/nfs/nfs4proc
ghsa_unreviewed·2022-05-02
CVE-2009-3726 [HIGH] GHSA-76cp-8jf4-8pv2: The nfs4_proc_lock function in fs/nfs/nfs4proc
The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel before 2.6.31-rc4 allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect file attributes, which trigger attempted use of an open file that lacks NFSv4 state.
No detection rules found.
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d953126a28f97ec965d23c69fd5795854c048f30http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.htmlhttp://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.htmlhttp://lists.vmware.com/pipermail/security-announce/2010/000082.htmlhttp://secunia.com/advisories/37909http://secunia.com/advisories/38794http://secunia.com/advisories/38834http://secunia.com/advisories/40218http://www.debian.org/security/2010/dsa-2005http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.31/ChangeLog-2.6.31-rc4http://www.mandriva.com/security/advisories?name=MDVSA-2009:329http://www.mandriva.com/security/advisories?name=MDVSA-2011:051http://www.openwall.com/lists/oss-security/2009/11/05/1http://www.openwall.com/lists/oss-security/2009/11/05/4http://www.redhat.com/support/errata/RHSA-2009-1670.htmlhttp://www.redhat.com/support/errata/RHSA-2010-0474.htmlhttp://www.securityfocus.com/bid/36936http://www.spinics.net/linux/lists/linux-nfs/msg03357.htmlhttp://www.ubuntu.com/usn/usn-864-1http://www.vupen.com/english/advisories/2010/0528https://bugzilla.redhat.com/show_bug.cgi?id=529227https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6636https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9734http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d953126a28f97ec965d23c69fd5795854c048f30http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.htmlhttp://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.htmlhttp://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.htmlhttp://lists.vmware.com/pipermail/security-announce/2010/000082.htmlhttp://secunia.com/advisories/37909http://secunia.com/advisories/38794http://secunia.com/advisories/38834http://secunia.com/advisories/40218http://www.debian.org/security/2010/dsa-2005http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.31/ChangeLog-2.6.31-rc4http://www.mandriva.com/security/advisories?name=MDVSA-2009:329http://www.mandriva.com/security/advisories?name=MDVSA-2011:051http://www.openwall.com/lists/oss-security/2009/11/05/1http://www.openwall.com/lists/oss-security/2009/11/05/4http://www.redhat.com/support/errata/RHSA-2009-1670.htmlhttp://www.redhat.com/support/errata/RHSA-2010-0474.htmlhttp://www.securityfocus.com/bid/36936http://www.spinics.net/linux/lists/linux-nfs/msg03357.htmlhttp://www.ubuntu.com/usn/usn-864-1http://www.vupen.com/english/advisories/2010/0528https://bugzilla.redhat.com/show_bug.cgi?id=529227https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6636https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9734
2009-11-09
Published