CVE-2009-1961

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2009-1961
The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before 2.6.29.4, and possibly other versions down to 2.6.19 allows local users to cause a denial of service (prevention of file creation and removal) via a series of splice system calls that trigger a deadlock between the generic_file_splice_write, splice_from_pipe, and ocfs2_file_splice_write functions.

4.7 /10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

1.9 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 3.4 / Impact : 2.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=7bfac9ecf0585962fe13584f5cf526d8c8e76f17 Broken Link
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html Mailing List
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html Mailing List
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html Mailing List
http://secunia.com/advisories/35390 Broken Link
http://secunia.com/advisories/35394 Broken Link
http://secunia.com/advisories/35656 Broken Link
http://secunia.com/advisories/35847 Broken Link
http://secunia.com/advisories/36051 Broken Link
http://securitytracker.com/id?1022307 Broken Link Third Party Advisory VDB Entry
http://www.debian.org/security/2009/dsa-1844 Mailing List Patch
http://www.mandriva.com/security/advisories?name=MDVSA-2009:135 Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2009:148 Broken Link
http://www.openwall.com/lists/oss-security/2009/05/29/2 Mailing List Patch
http://www.openwall.com/lists/oss-security/2009/05/30/1 Exploit Mailing List Patch
http://www.openwall.com/lists/oss-security/2009/06/02/2 Exploit Mailing List
http://www.openwall.com/lists/oss-security/2009/06/03/1 Exploit Mailing List
http://www.redhat.com/support/errata/RHSA-2009-1157.html Broken Link
http://www.securityfocus.com/bid/35143 Broken Link Exploit Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-793-1 Third Party Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=7bfac9ecf0585962fe13584f5cf526d8c8e76f17 Broken Link
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html Mailing List
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html Mailing List
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html Mailing List
http://secunia.com/advisories/35390 Broken Link
http://secunia.com/advisories/35394 Broken Link
http://secunia.com/advisories/35656 Broken Link
http://secunia.com/advisories/35847 Broken Link
http://secunia.com/advisories/36051 Broken Link
http://securitytracker.com/id?1022307 Broken Link Third Party Advisory VDB Entry
http://www.debian.org/security/2009/dsa-1844 Mailing List Patch
http://www.mandriva.com/security/advisories?name=MDVSA-2009:135 Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2009:148 Broken Link
http://www.openwall.com/lists/oss-security/2009/05/29/2 Mailing List Patch
http://www.openwall.com/lists/oss-security/2009/05/30/1 Exploit Mailing List Patch
http://www.openwall.com/lists/oss-security/2009/06/02/2 Exploit Mailing List
http://www.openwall.com/lists/oss-security/2009/06/03/1 Exploit Mailing List
http://www.redhat.com/support/errata/RHSA-2009-1157.html Broken Link
http://www.securityfocus.com/bid/35143 Broken Link Exploit Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-793-1 Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.30:rc1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.30:rc2:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise:11.0:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:11:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*
History

21 Nov 2024, 01:03

Type Values Removed Values Added
References () http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=7bfac9ecf0585962fe13584f5cf526d8c8e76f17 - Broken Link () http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=7bfac9ecf0585962fe13584f5cf526d8c8e76f17 - Broken Link
References () http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html - Mailing List () http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html - Mailing List
References () http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html - Mailing List () http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html - Mailing List
References () http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html - Mailing List () http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html - Mailing List
References () http://secunia.com/advisories/35390 - Broken Link () http://secunia.com/advisories/35390 - Broken Link
References () http://secunia.com/advisories/35394 - Broken Link () http://secunia.com/advisories/35394 - Broken Link
References () http://secunia.com/advisories/35656 - Broken Link () http://secunia.com/advisories/35656 - Broken Link
References () http://secunia.com/advisories/35847 - Broken Link () http://secunia.com/advisories/35847 - Broken Link
References () http://secunia.com/advisories/36051 - Broken Link () http://secunia.com/advisories/36051 - Broken Link
References () http://securitytracker.com/id?1022307 - Broken Link, Third Party Advisory, VDB Entry () http://securitytracker.com/id?1022307 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.debian.org/security/2009/dsa-1844 - Mailing List, Patch () http://www.debian.org/security/2009/dsa-1844 - Mailing List, Patch
References () http://www.mandriva.com/security/advisories?name=MDVSA-2009:135 - Broken Link () http://www.mandriva.com/security/advisories?name=MDVSA-2009:135 - Broken Link
References () http://www.mandriva.com/security/advisories?name=MDVSA-2009:148 - Broken Link () http://www.mandriva.com/security/advisories?name=MDVSA-2009:148 - Broken Link
References () http://www.openwall.com/lists/oss-security/2009/05/29/2 - Mailing List, Patch () http://www.openwall.com/lists/oss-security/2009/05/29/2 - Mailing List, Patch
References () http://www.openwall.com/lists/oss-security/2009/05/30/1 - Exploit, Mailing List, Patch () http://www.openwall.com/lists/oss-security/2009/05/30/1 - Exploit, Mailing List, Patch
References () http://www.openwall.com/lists/oss-security/2009/06/02/2 - Exploit, Mailing List () http://www.openwall.com/lists/oss-security/2009/06/02/2 - Exploit, Mailing List
References () http://www.openwall.com/lists/oss-security/2009/06/03/1 - Exploit, Mailing List () http://www.openwall.com/lists/oss-security/2009/06/03/1 - Exploit, Mailing List
References () http://www.redhat.com/support/errata/RHSA-2009-1157.html - Broken Link () http://www.redhat.com/support/errata/RHSA-2009-1157.html - Broken Link
References () http://www.securityfocus.com/bid/35143 - Broken Link, Exploit, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/35143 - Broken Link, Exploit, Third Party Advisory, VDB Entry
References () http://www.ubuntu.com/usn/usn-793-1 - Third Party Advisory () http://www.ubuntu.com/usn/usn-793-1 - Third Party Advisory

15 Feb 2024, 20:41

Type Values Removed Values Added
CVSS v2 : 1.9
v3 : unknown 		v2 : 1.9
v3 : 4.7
CPE cpe:2.3:o:linux:linux_kernel:2.6.29.rc2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.29.3:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.27.22:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.27.3:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.29:rc2_git7:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.29:git1:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.29:rc8-kk:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.27.13:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.27.16:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.29.rc1:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.27.10:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.27.12:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.27.11:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.27.20:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.27.4:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.27.19:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.29.rc2-git1:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.27.21:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.27.2:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.27.23:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.27.14:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.27.1:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.27.15:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.27.17:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.27.18:*:*:*:*:*:*:*		 cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise:11.0:-:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:11:-:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*
First Time Opensuse opensuse
Suse linux Enterprise Desktop
Debian debian Linux
Suse
Suse linux Enterprise Server
Canonical ubuntu Linux
Debian
Suse linux Enterprise
Canonical
Opensuse
CWE CWE-362 CWE-667
References (SECTRACK) http://securitytracker.com/id?1022307 - (SECTRACK) http://securitytracker.com/id?1022307 - Broken Link, Third Party Advisory, VDB Entry
References (SECUNIA) http://secunia.com/advisories/35847 - (SECUNIA) http://secunia.com/advisories/35847 - Broken Link
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html - Mailing List
References () http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=7bfac9ecf0585962fe13584f5cf526d8c8e76f17 - () http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=7bfac9ecf0585962fe13584f5cf526d8c8e76f17 - Broken Link
References (DEBIAN) http://www.debian.org/security/2009/dsa-1844 - (DEBIAN) http://www.debian.org/security/2009/dsa-1844 - Mailing List, Patch
References (UBUNTU) http://www.ubuntu.com/usn/usn-793-1 - (UBUNTU) http://www.ubuntu.com/usn/usn-793-1 - Third Party Advisory
References (BID) http://www.securityfocus.com/bid/35143 - Exploit (BID) http://www.securityfocus.com/bid/35143 - Broken Link, Exploit, Third Party Advisory, VDB Entry
References (SECUNIA) http://secunia.com/advisories/35394 - (SECUNIA) http://secunia.com/advisories/35394 - Broken Link
References (MLIST) http://www.openwall.com/lists/oss-security/2009/05/29/2 - Patch (MLIST) http://www.openwall.com/lists/oss-security/2009/05/29/2 - Mailing List, Patch
References (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2009:148 - (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2009:148 - Broken Link
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html - Mailing List
References (SUSE) http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html - (SUSE) http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html - Mailing List
References (SECUNIA) http://secunia.com/advisories/35390 - (SECUNIA) http://secunia.com/advisories/35390 - Broken Link
References (REDHAT) http://www.redhat.com/support/errata/RHSA-2009-1157.html - (REDHAT) http://www.redhat.com/support/errata/RHSA-2009-1157.html - Broken Link
References (MLIST) http://www.openwall.com/lists/oss-security/2009/06/02/2 - Exploit (MLIST) http://www.openwall.com/lists/oss-security/2009/06/02/2 - Exploit, Mailing List
References (SECUNIA) http://secunia.com/advisories/35656 - (SECUNIA) http://secunia.com/advisories/35656 - Broken Link
References (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2009:135 - (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2009:135 - Broken Link
References (MLIST) http://www.openwall.com/lists/oss-security/2009/06/03/1 - Exploit (MLIST) http://www.openwall.com/lists/oss-security/2009/06/03/1 - Exploit, Mailing List
References (MLIST) http://www.openwall.com/lists/oss-security/2009/05/30/1 - Exploit, Patch (MLIST) http://www.openwall.com/lists/oss-security/2009/05/30/1 - Exploit, Mailing List, Patch
References (SECUNIA) http://secunia.com/advisories/36051 - (SECUNIA) http://secunia.com/advisories/36051 - Broken Link

07 Nov 2023, 02:04

Type Values Removed Values Added
References
  • {'url': 'http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=7bfac9ecf0585962fe13584f5cf526d8c8e76f17', 'name': 'http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=7bfac9ecf0585962fe13584f5cf526d8c8e76f17', 'tags': ['Exploit', 'Patch'], 'refsource': 'CONFIRM'}
  • () http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=7bfac9ecf0585962fe13584f5cf526d8c8e76f17 -
Information

Published : 2009-06-08 01:00

Updated : 2025-04-09 00:30

NVD link : CVE-2009-1961

Mitre link : CVE-2009-1961

CVE.ORG link : CVE-2009-1961

JSON object : View

Products Affected

debian

  • debian_linux

suse

  • linux_enterprise
  • linux_enterprise_server
  • linux_enterprise_desktop

canonical

  • ubuntu_linux

linux

  • linux_kernel

opensuse

  • opensuse
CWE
CWE-667

Improper Locking