CVE-2009-3547
HIGH severity · CVSS 7 · CWE-362
Summary
Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.
Impact & exploitability
Attack vector: Local
Attack complexity: High
Privileges required: Low
User interaction: None
Confidentiality impact: High
Integrity impact: High
Availability impact: High
Exploit probability (EPSS): 5%
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products we track (1)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Official patch: http://lkml.org/lkml/2009/10/21/42
Additional information
- NVD record
- http://lkml.org/lkml/2009/10/21/42 (Patch)
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ad3960243e55320d74195fb85c975e0a8cc4466c
- http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html (Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html (Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html (Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html (Advisory)
- http://lists.vmware.com/pipermail/security-announce/2010/000082.html (Advisory)
- http://lkml.org/lkml/2009/10/14/184 (Exploit)