CVE-2009-3547

high-risk

Published 2009-11-04

Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.

Do I need to act?

3.2% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

5 public exploits available

9844, 33321, 40812 and 2 more

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.0/10 High

LOCAL / HIGH complexity

Affected Products (20)

Linux Kernel

Linux Desktop

Opensuse

Suse Linux Enterprise Desktop

Suse Linux Enterprise Server

Ubuntu Linux

Fedora

Mrg Realtime

Enterprise Linux Desktop

Enterprise Linux Server

Enterprise Linux Workstation

Linux Kernel

Affected Vendors

Redhat Fedoraproject Novell Vmware Suse Linux Opensuse Canonical

References (58)

Broken Link http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=...

Mailing List http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html

Mailing List http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html

Broken Link http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html

Mailing List http://lists.vmware.com/pipermail/security-announce/2010/000082.html

Exploit http://lkml.org/lkml/2009/10/14/184

Mailing List http://lkml.org/lkml/2009/10/21/42

Mailing List http://marc.info/?l=oss-security&m=125724568017045&w=2

Broken Link http://secunia.com/advisories/37351

Broken Link http://secunia.com/advisories/38017

Broken Link http://secunia.com/advisories/38794

Broken Link http://secunia.com/advisories/38834

Broken Link http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc6

Broken Link http://www.mandriva.com/security/advisories?name=MDVSA-2009:329

Broken Link http://www.redhat.com/support/errata/RHSA-2009-1672.html

Broken Link http://www.securityfocus.com/archive/1/512019/100/0/threaded

Broken Link http://www.securityfocus.com/bid/36901

Third Party Advisory http://www.ubuntu.com/usn/usn-864-1

Broken Link http://www.vupen.com/english/advisories/2010/0528

and 38 more references

/ 100

high-risk

Severity 18/34 · Moderate

Exploitability 13/34 · Low

Exposure 23/34 · High