Lucene search

PRIOn knowledge basePRION:CVE-2009-1961

HistoryJun 08, 2009 - 1:00 a.m.

Design/Logic Flaw

2009-06-0801:00:00

PRIOn knowledge base

www.prio-n.com

4.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

6.6 Medium

AI Score

Confidence

High

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

5.4%

JSON

The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before 2.6.29.4, and possibly other versions down to 2.6.19 allows local users to cause a denial of service (prevention of file creation and removal) via a series of splice system calls that trigger a deadlock between the generic_file_splice_write, splice_from_pipe, and ocfs2_file_splice_write functions.

CPENameOperatorVersion
ubuntu_linuxeq9.04
ubuntu_linuxeq8.10
ubuntu_linuxeq8.04
ubuntu_linuxeq6.06
debian_linuxeq4.0
linux_kerneleq2.6.30 rc2
linux_kerneleq2.6.30 rc1
linux_kernelle2.6.19
linux_kernelge2.6.29
linux_kernellt2.6.29.4

Name	Operator	Version
ubuntu_linux	eq	9.04
ubuntu_linux	eq	8.10
ubuntu_linux	eq	8.04
ubuntu_linux	eq	6.06
debian_linux	eq	4.0
linux_kernel	eq	2.6.30 rc2
linux_kernel	eq	2.6.30 rc1
linux_kernel	le	2.6.19
linux_kernel	ge	2.6.29
linux_kernel	lt	2.6.29.4

Rows per page:

1-10 of 171

References

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=7bfac9ecf0585962fe13584f5cf526d8c8e76f17

lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html

lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html

lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html

secunia.com/advisories/35390

secunia.com/advisories/35394

secunia.com/advisories/35656

secunia.com/advisories/35847

secunia.com/advisories/36051

securitytracker.com/id?1022307

www.debian.org/security/2009/dsa-1844

www.mandriva.com/security/advisories?name=MDVSA-2009:135

www.mandriva.com/security/advisories?name=MDVSA-2009:148

www.openwall.com/lists/oss-security/2009/05/29/2

www.openwall.com/lists/oss-security/2009/05/30/1

www.openwall.com/lists/oss-security/2009/06/02/2

www.openwall.com/lists/oss-security/2009/06/03/1

www.redhat.com/support/errata/RHSA-2009-1157.html

www.securityfocus.com/bid/35143

www.ubuntu.com/usn/usn-793-1

4.7 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

6.6 Medium

AI Score

Confidence

High

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

5.4%

JSON

Related for PRION:CVE-2009-1961