CVE-2009-1961

The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before 2.6.29.4, and possibly other versions down to 2.6.19 allows local users to cause a denial of service (prevention of file creation and removal) via a series of splice system calls that trigger a deadlock between the generic_file_splice_write, splice_from_pipe, and ocfs2_file_splice_write functions.

CVSS v3 4.7 MEDIUM
CVSS v2.0 1.9 LOW

4.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

1.9^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 3.4 / Impact : 2.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=7bfac9ecf0585962fe13584f5cf526d8c8e76f17	Broken Link
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html	Mailing List
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html	Mailing List
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html	Mailing List
http://secunia.com/advisories/35390	Broken Link
http://secunia.com/advisories/35394	Broken Link
http://secunia.com/advisories/35656	Broken Link
http://secunia.com/advisories/35847	Broken Link
http://secunia.com/advisories/36051	Broken Link
http://securitytracker.com/id?1022307	Broken Link Third Party Advisory VDB Entry
http://www.debian.org/security/2009/dsa-1844	Mailing List Patch
http://www.mandriva.com/security/advisories?name=MDVSA-2009:135	Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2009:148	Broken Link
http://www.openwall.com/lists/oss-security/2009/05/29/2	Mailing List Patch
http://www.openwall.com/lists/oss-security/2009/05/30/1	Exploit Mailing List Patch
http://www.openwall.com/lists/oss-security/2009/06/02/2	Exploit Mailing List
http://www.openwall.com/lists/oss-security/2009/06/03/1	Exploit Mailing List
http://www.redhat.com/support/errata/RHSA-2009-1157.html	Broken Link
http://www.securityfocus.com/bid/35143	Broken Link Exploit Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-793-1	Third Party Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=7bfac9ecf0585962fe13584f5cf526d8c8e76f17	Broken Link
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html	Mailing List
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html	Mailing List
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html	Mailing List
http://secunia.com/advisories/35390	Broken Link
http://secunia.com/advisories/35394	Broken Link
http://secunia.com/advisories/35656	Broken Link
http://secunia.com/advisories/35847	Broken Link
http://secunia.com/advisories/36051	Broken Link
http://securitytracker.com/id?1022307	Broken Link Third Party Advisory VDB Entry
http://www.debian.org/security/2009/dsa-1844	Mailing List Patch
http://www.mandriva.com/security/advisories?name=MDVSA-2009:135	Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2009:148	Broken Link
http://www.openwall.com/lists/oss-security/2009/05/29/2	Mailing List Patch
http://www.openwall.com/lists/oss-security/2009/05/30/1	Exploit Mailing List Patch
http://www.openwall.com/lists/oss-security/2009/06/02/2	Exploit Mailing List
http://www.openwall.com/lists/oss-security/2009/06/03/1	Exploit Mailing List
http://www.redhat.com/support/errata/RHSA-2009-1157.html	Broken Link
http://www.securityfocus.com/bid/35143	Broken Link Exploit Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-793-1	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:2.6.30:rc1::::::
	cpe:2.3:o:linux:linux_kernel:2.6.30:rc2::::::

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:8.04::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:8.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:9.04:::::::*

Configuration 4 (hide)

OR	cpe:2.3:o:opensuse:opensuse:10.3:::::::*
	cpe:2.3:o:opensuse:opensuse:11.1:::::::*
	cpe:2.3:o:suse:linux_enterprise:11.0:-::::::
	cpe:2.3:o:suse:linux_enterprise_desktop:11:-::::::
	cpe:2.3:o:suse:linux_enterprise_server:11:-::::::

History

No history.

Information

Published : 2009-06-08 01:00

Updated : 2025-04-09 00:30

NVD link : CVE-2009-1961

Mitre link : CVE-2009-1961

CVE.ORG link : CVE-2009-1961

JSON object : View

Products Affected

opensuse

opensuse

debian

debian_linux

suse

linux_enterprise_desktop
linux_enterprise_server
linux_enterprise

linux

linux_kernel

canonical

ubuntu_linux

CWE

CWE-667

Improper Locking

4.7 /10

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

1.9 /10

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

JSON object

Attach tags to CVE-2009-1961

4.7^/10

1.9^/10

Attach tags to `CVE-2009-1961`