Upstream information

CVE-2009-3726 at MITRE

Description

The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel before 2.6.31-rc4 allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect file attributes, which trigger attempted use of an open file that lacks NFSv4 state.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 7.8
Vector AV:N/AC:L/Au:N/C:N/I:N/A:C
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact None
Availability Impact Complete
SUSE Bugzilla entry: 552775 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Server 11
SUSE Linux Enterprise Server for SAP Applications 11
  • ext4dev-kmp-default >= 0_2.6.27.39_0.3-7.1.22
  • ext4dev-kmp-pae >= 0_2.6.27.39_0.3-7.1.22
  • ext4dev-kmp-ppc64 >= 0_2.6.27.39_0.3-7.1.22
  • ext4dev-kmp-vmi >= 0_2.6.27.39_0.3-7.1.22
  • ext4dev-kmp-xen >= 0_2.6.27.39_0.3-7.1.22
  • iscsitarget-kmp-default >= 0.4.15_2.6.27.54_0.2-94.14.8
  • kernel-default >= 2.6.27.39-0.3.1
  • kernel-default-base >= 2.6.27.39-0.3.1
  • kernel-default-man >= 2.6.27.39-0.3.1
  • kernel-kdump >= 2.6.27.39-0.3.1
  • kernel-pae >= 2.6.27.39-0.3.1
  • kernel-pae-base >= 2.6.27.39-0.3.1
  • kernel-ppc64 >= 2.6.27.39-0.3.1
  • kernel-ppc64-base >= 2.6.27.39-0.3.1
  • kernel-source >= 2.6.27.39-0.3.1
  • kernel-syms >= 2.6.27.39-0.3.1
  • kernel-vmi >= 2.6.27.39-0.3.1
  • kernel-vmi-base >= 2.6.27.39-0.3.1
  • kernel-xen >= 2.6.27.39-0.3.1
  • kernel-xen-base >= 2.6.27.39-0.3.1
  • oracleasm-kmp-default >= 2.0.5_2.6.27.54_0.2-7.9.1
 Patchnames:
slessp0-kernel

SUSE Timeline for this CVE

CVE page created: Tue Jul 9 17:12:10 2013
CVE page last modified: Mon Feb 13 11:27:07 2023