CVE-2009-3547

high

Description

Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.

References

https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html

https://rhn.redhat.com/errata/RHSA-2009-1550.html

https://rhn.redhat.com/errata/RHSA-2009-1548.html

https://rhn.redhat.com/errata/RHSA-2009-1541.html

https://rhn.redhat.com/errata/RHSA-2009-1540.html

https://bugzilla.redhat.com/show_bug.cgi?id=530490

http://www.ubuntu.com/usn/usn-864-1

http://marc.info/?l=oss-security&m=125724568017045&w=2

http://lkml.org/lkml/2009/10/21/42

http://lists.vmware.com/pipermail/security-announce/2010/000082.html

http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html

http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html

Details

Source: Mitre, NVD

Published: 2009-11-04

Updated: 2024-02-15

Risk Information

CVSS v2

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High