CVE Database As of 11-21-2019

CVE-2009-1961

Impact by CVSS Score
  • ID: CVE-2009-1961
Summary:

The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before 2.6.29.4, and possibly other versions down to 2.6.19 allows local users to cause a denial of service (prevention of file creation and removal) via a series of splice system calls that trigger a deadlock between the generic_file_splice_write, splice_from_pipe, and ocfs2_file_splice_write functions.

Exploitability Analysis: Local

A vulnerability exploitable with only local access requires the attacker to have either physical access to the vulnerable system or a local (shell) account. Examples of locally exploitable vulnerabilities are peripheral attacks such as Firewire/USB DMA attacks, and local privilege escalations (e.g., sudo).

Exploitability Complexity: Medium

The access conditions are somewhat specialized; the following are examples: The attacking party is limited to a group of systems or users at some level of authorization, possibly untrusted. Some information must be gathered before a successful attack can be launched. The affected configuration is non-default, and is not commonly configured (e.g., a vulnerability present when a server performs user account authentication via a specific scheme, but not present for another authentication scheme). The attack requires a small amount of social engineering that might occasionally fool cautious users (e.g., phishing attacks that modify a web browser’s status bar to show a false link, having to be on someone’s “buddy” list before sending an IM exploit).

Authentication: None

Authentication is not required to access and exploit the vulnerability.

Confidentiality Impact: None

There is no impact to the confidentiality of the system.

Integrity Impact: None

There is no impact to the integrity of the system.

Availability Impact: Partial

There is reduced performance or interruptions in resource availability. An example is a network-based flood attack that permits a limited number of successful connections to an Internet service.

Products Affected

cpe:/o:linux:linux_kernel:2.6.27.1

cpe:/o:linux:linux_kernel:2.6.27.2

cpe:/o:linux:linux_kernel:2.6.27.3

cpe:/o:linux:linux_kernel:2.6.27.4

cpe:/o:linux:linux_kernel:2.6.27.10

cpe:/o:linux:linux_kernel:2.6.27.11

cpe:/o:linux:linux_kernel:2.6.27.12

cpe:/o:linux:linux_kernel:2.6.27.13

cpe:/o:linux:linux_kernel:2.6.27.14

cpe:/o:linux:linux_kernel:2.6.27.15

cpe:/o:linux:linux_kernel:2.6.27.16

cpe:/o:linux:linux_kernel:2.6.27.17

cpe:/o:linux:linux_kernel:2.6.27.18

cpe:/o:linux:linux_kernel:2.6.27.19

cpe:/o:linux:linux_kernel:2.6.27.20

cpe:/o:linux:linux_kernel:2.6.27.21

cpe:/o:linux:linux_kernel:2.6.27.22

cpe:/o:linux:linux_kernel:2.6.27.23

cpe:/o:linux:linux_kernel:2.6.29:git1

cpe:/o:linux:linux_kernel:2.6.29:rc2_git7

cpe:/o:linux:linux_kernel:2.6.29:rc8-kk

cpe:/o:linux:linux_kernel:2.6.29.3

cpe:/o:linux:linux_kernel:2.6.29.rc1

cpe:/o:linux:linux_kernel:2.6.29.rc2

cpe:/o:linux:linux_kernel:2.6.29.rc2-git1

cpe:/o:linux:linux_kernel:2.6.30:rc1

cpe:/o:linux:linux_kernel:2.6.30:rc2


Search
Impact
Low
CVSS Score
1.9
Created
2009-06-07 21:00:00
Modified
2012-03-19 00:00:00

You never have to pay for a vulnerability scanning and management software again.

Tired of paying a subscription 'per asset' or 'per IP'? Well you can officially cancel your current subscription. Mageni provides a free, open source and enterprise-ready vulnerability scanning and management platform which helps you to find, prioritize, remediate and manage your vulnerabilities. It is free and always will be