CVE-2009-4021
6.1 Medium
AI Score
Confidence
High
4.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C
0.001 Low
EPSS
Percentile
27.1%
The fuse_direct_io function in fs/fuse/file.c in the fuse subsystem in the Linux kernel before 2.6.32-rc7 might allow attackers to cause a denial of service (invalid pointer dereference and OOPS) via vectors possibly related to a memory-consumption attack.
References
git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f60311d5f7670d9539b424e4ed8b5c0872fc9e83
lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html
lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html
lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html
lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
secunia.com/advisories/37909
secunia.com/advisories/38017
support.avaya.com/css/P8/documents/100073666
www.debian.org/security/2010/dsa-2005
www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc7
www.openwall.com/lists/oss-security/2009/11/19/1
www.openwall.com/lists/oss-security/2009/11/24/5
www.redhat.com/support/errata/RHSA-2010-0041.html
www.securityfocus.com/bid/37069
bugzilla.redhat.com/show_bug.cgi?id=538734
exchange.xforce.ibmcloud.com/vulnerabilities/54358
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10516
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6955
rhn.redhat.com/errata/RHSA-2010-0046.html
rhn.redhat.com/errata/RHSA-2010-0095.html
Social References
More
Related
6.1 Medium
AI Score
Confidence
High
4.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C
0.001 Low
EPSS
Percentile
27.1%