CVE-2009-3547

Exploit

EPSS 3.44%
Published 04.11.2009 15:30:00
Last modified 09.04.2025 00:30:58
Source secalert@redhat.com
Teams watchlist Login
Open Login

Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.

Affected products Warnungen 0 Metrics 3 CWE 3 References 32

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version <= 2.6.31.14

Linux ≫ Linux Kernel Version2.6.32 Update-

Linux ≫ Linux Kernel Version2.6.32 Updaterc1

Linux ≫ Linux Kernel Version2.6.32 Updaterc2

Linux ≫ Linux Kernel Version2.6.32 Updaterc3

Linux ≫ Linux Kernel Version2.6.32 Updaterc4

Linux ≫ Linux Kernel Version2.6.32 Updaterc5

Novell ≫ Linux Desktop Version9

Opensuse ≫ Opensuse Version11.0

Opensuse ≫ Opensuse Version11.2

Suse ≫ Suse Linux Enterprise Desktop Version10 Updatesp2

Suse ≫ Suse Linux Enterprise Server Version10 Updatesp2

Canonical ≫ Ubuntu Linux Version6.06

Canonical ≫ Ubuntu Linux Version8.04

Canonical ≫ Ubuntu Linux Version8.10

Canonical ≫ Ubuntu Linux Version9.04

Canonical ≫ Ubuntu Linux Version9.10

Fedoraproject ≫ Fedora Version10

VMware ≫ Vma Version4.0

VMware ≫ Esx Version4.0

Redhat ≫ Mrg Realtime Version1.0

Redhat ≫ Enterprise Linux Desktop Version3.0

Redhat ≫ Enterprise Linux Desktop Version4.0

Redhat ≫ Enterprise Linux Desktop Version5.0

Redhat ≫ Enterprise Linux Eus Version4.8

Redhat ≫ Enterprise Linux Eus Version5.4

Redhat ≫ Enterprise Linux Server Version3.0

Redhat ≫ Enterprise Linux Server Version4.0

Redhat ≫ Enterprise Linux Server Version5.0

Redhat ≫ Enterprise Linux Workstation Version3.0

Redhat ≫ Enterprise Linux Workstation Version4.0

Redhat ≫ Enterprise Linux Workstation Version5.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	3.44%	0.871

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7	1	5.9	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.9	3.4	10	AV:L/AC:M/Au:N/C:C/I:C/A:C

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

CWE-672 Operation on a Resource after Expiration or Release

The product uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.

http://lists.vmware.com/pipermail/security-announce/2010/000082.html

Third Party Advisory

Mailing List

http://secunia.com/advisories/38794

Broken Link

http://www.vupen.com/english/advisories/2010/0528

Broken Link

http://www.securityfocus.com/archive/1/512019/100/0/threaded