CVE-2009-3547

Description

Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.

CVSS Metrics

• v3.1•HIGH•Score: 7CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
• v2.0•MEDIUM•Score: 6.9AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 3.15%• Percentile: 87%

Techniques & Countermeasures

• CWE-362•Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

  The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

• CWE-476•NULL Pointer Dereference

  The product dereferences a pointer that it expects to be valid but is NULL.

• CWE-672•Operation on a Resource after Expiration or Release

  The product uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.

Affected Systems

• canonical•ubuntu_linux

  6.06 | 8.04 | 8.10 | 9.04 | 9.10

• fedoraproject•fedora

  10

• linux•linux_kernel

  ≤ 2.6.31.14 | 2.6.32 | 2.6.32:rc1 | 2.6.32:rc2 | 2.6.32:rc3 | 2.6.32:rc4 | 2.6.32:rc5

• novell•linux_desktop

  9

• opensuse•opensuse

  11.0 | 11.2

• redhat•enterprise_linux_desktop

  3.0 | 4.0 | 5.0

• redhat•enterprise_linux_eus

  4.8 | 5.4

• redhat•enterprise_linux_server

  3.0 | 4.0 | 5.0

• redhat•enterprise_linux_workstation

  3.0 | 4.0 | 5.0

• redhat•mrg_realtime

  1.0

• suse•suse_linux_enterprise_desktop

  10:sp2

• suse•suse_linux_enterprise_server

  10:sp2

• vmware•esx

  4.0

• vmware•vma

  4.0

References (29)

• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11513
• http://www.redhat.com/support/errata/RHSA-2009-1672.html
• http://www.securityfocus.com/archive/1/512019/100/0/threaded
• http://www.securityfocus.com/bid/36901
• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ad3960243e55320d74195fb85c975e0a8cc4466c
• https://rhn.redhat.com/errata/RHSA-2009-1540.html
• http://www.ubuntu.com/usn/usn-864-1
• http://secunia.com/advisories/38794
• http://lists.vmware.com/pipermail/security-announce/2010/000082.html
• http://lkml.org/lkml/2009/10/21/42
• http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html
• https://rhn.redhat.com/errata/RHSA-2009-1541.html
• http://www.mandriva.com/security/advisories?name=MDVSA-2009:329
• http://secunia.com/advisories/37351
• http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html
• http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7608
• http://marc.info/?l=oss-security&m=125724568017045&w=2
• https://rhn.redhat.com/errata/RHSA-2009-1548.html
• http://secunia.com/advisories/38834
• http://lkml.org/lkml/2009/10/14/184
• https://rhn.redhat.com/errata/RHSA-2009-1550.html
• http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc6
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9327
• http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html
• https://bugzilla.redhat.com/show_bug.cgi?id=530490
• http://secunia.com/advisories/38017
• https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html
• http://www.vupen.com/english/advisories/2010/0528