National Cyber-Alert System

Vulnerability Summary for CVE-2009-1961

Overview

The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before 2.6.29.4, and possibly other versions down to 2.6.19 allows local users to cause a denial of service (prevention of file creation and removal) via a series of splice system calls that trigger a deadlock between the generic_file_splice_write, splice_from_pipe, and ocfs2_file_splice_write functions.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

Vendor Statments (disclaimer)

Official Statement from Red Hat (07/15/2009)

This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and 5. It was addressed in Red Hat Enterprise MRG via: https://rhn.redhat.com/errata/RHSA-2009-1157.html

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: MLIST

Name: [oss-security] 20090530 Re: CVE request: kernel: splice local denial of service

Type: Patch Information

Hyperlink:http://www.openwall.com/lists/oss-security/2009/05/30/1

External Source: MLIST

Name: [oss-security] 20090529 CVE request: kernel: splice local denial of service

Type: Patch Information

Hyperlink:http://www.openwall.com/lists/oss-security/2009/05/29/2

External Source: CONFIRM

Name: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=7bfac9ecf0585962fe13584f5cf526d8c8e76f17

Type: Patch Information

Hyperlink:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=7bfac9ecf0585962fe13584f5cf526d8c8e76f17

External Source: BID

Name: 35143

Hyperlink:http://www.securityfocus.com/bid/35143

External Source: REDHAT

Name: RHSA-2009:1157

Hyperlink:http://www.redhat.com/support/errata/RHSA-2009-1157.html

External Source: MLIST

Name: [oss-security] 20090603 Re: CVE request: kernel: splice local denial of service

Hyperlink:http://www.openwall.com/lists/oss-security/2009/06/03/1

External Source: MLIST

Name: [oss-security] 20090602 Re: CVE request: kernel: splice local denial of service

Hyperlink:http://www.openwall.com/lists/oss-security/2009/06/02/2

External Source: MANDRIVA

Name: MDVSA-2009:148

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2009:148

External Source: MANDRIVA

Name: MDVSA-2009:135

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2009:135

External Source: DEBIAN

Name: DSA-1844

Hyperlink:http://www.debian.org/security/2009/dsa-1844

External Source: SECTRACK

Name: 1022307

Hyperlink:http://securitytracker.com/id?1022307

External Source: SECUNIA

Name: 36051

Hyperlink:http://secunia.com/advisories/36051

External Source: SECUNIA

Name: 35847

Hyperlink:http://secunia.com/advisories/35847

External Source: SECUNIA

Name: 35394

Hyperlink:http://secunia.com/advisories/35394

External Source: SECUNIA

Name: 35390

Hyperlink:http://secunia.com/advisories/35390

External Source: SUSE

Name: SUSE-SA:2009:038

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html

External Source: SUSE

Name: SUSE-SA:2009:031

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html

External Source: SUSE

Name: SUSE-SA:2009:030

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html