CVE-2009-0935 (GCVE-0-2009-0935)
Vulnerability from cvelistv5
Published: 2009-03-18 01:00
Modified: 2024-08-07 04:57
Severity: ?
CWE: n/a
Summary
The inotify_read function in the Linux kernel 2.6.27 to 2.6.27.13, 2.6.28 to 2.6.28.2, and 2.6.29-rc3 allows local users to cause a denial of service (OOPS) via a read with an invalid address to an inotify instance, which causes the device's event list mutex to be unlocked twice and prevents proper synchronization of a data structure for the inotify instance.
References
cve@mitre.org http://marc.info/?l=linux-kernel&m=123337123501681&w=2 Mailing List, Patch
cve@mitre.org http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.3 Broken Link
cve@mitre.org http://www.openwall.com/lists/oss-security/2009/03/06/2 Mailing List, Patch
cve@mitre.org http://www.openwall.com/lists/oss-security/2009/03/18/5 Mailing List
cve@mitre.org http://www.openwall.com/lists/oss-security/2009/03/19/2 Mailing List
cve@mitre.org http://www.securityfocus.com/bid/33624 Broken Link, Patch, Third Party Advisory, VDB Entry
cve@mitre.org https://bugzilla.redhat.com/show_bug.cgi?id=488935 Issue Tracking, Patch
cve@mitre.org https://exchange.xforce.ibmcloud.com/vulnerabilities/49331 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=linux-kernel&m=123337123501681&w=2 Mailing List, Patch
af854a3a-2127-422b-91ae-364da2661108 http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.3 Broken Link
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2009/03/06/2 Mailing List, Patch
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2009/03/18/5 Mailing List
af854a3a-2127-422b-91ae-364da2661108 http://www.openwall.com/lists/oss-security/2009/03/19/2 Mailing List
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/33624 Broken Link, Patch, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.redhat.com/show_bug.cgi?id=488935 Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108 https://exchange.xforce.ibmcloud.com/vulnerabilities/49331 Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
n/a n/a Version: n/a


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:57:17.139Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "linux-kernel-inotify-read-dos(49331)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49331"
          },
          {
            "name": "33624",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/33624"
          },
          {
            "name": "[oss-security] 20090306 CVE request: kernel: inotify local DoS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/03/06/2"
          },
          {
            "name": "[linux-kernel] 20090131 [patch 03/43] inotify: clean up inotify_read and fix locking",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=linux-kernel\u0026m=123337123501681\u0026w=2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=488935"
          },
          {
            "name": "[oss-security] 20090319 Re: CVE request: kernel: inotify local DoS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/03/19/2"
          },
          {
            "name": "[oss-security] 20090318 Re: CVE request: kernel: inotify local DoS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/03/18/5"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-03-06T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The inotify_read function in the Linux kernel 2.6.27 to 2.6.27.13, 2.6.28 to 2.6.28.2, and 2.6.29-rc3 allows local users to cause a denial of service (OOPS) via a read with an invalid address to an inotify instance, which causes the device\u0027s event list mutex to be unlocked twice and prevents proper synchronization of a data structure for the inotify instance."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "linux-kernel-inotify-read-dos(49331)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49331"
        },
        {
          "name": "33624",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/33624"
        },
        {
          "name": "[oss-security] 20090306 CVE request: kernel: inotify local DoS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/03/06/2"
        },
        {
          "name": "[linux-kernel] 20090131 [patch 03/43] inotify: clean up inotify_read and fix locking",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=linux-kernel\u0026m=123337123501681\u0026w=2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=488935"
        },
        {
          "name": "[oss-security] 20090319 Re: CVE request: kernel: inotify local DoS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/03/19/2"
        },
        {
          "name": "[oss-security] 20090318 Re: CVE request: kernel: inotify local DoS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/03/18/5"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.3"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-0935",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The inotify_read function in the Linux kernel 2.6.27 to 2.6.27.13, 2.6.28 to 2.6.28.2, and 2.6.29-rc3 allows local users to cause a denial of service (OOPS) via a read with an invalid address to an inotify instance, which causes the device\u0027s event list mutex to be unlocked twice and prevents proper synchronization of a data structure for the inotify instance."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "linux-kernel-inotify-read-dos(49331)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49331"
            },
            {
              "name": "33624",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/33624"
            },
            {
              "name": "[oss-security] 20090306 CVE request: kernel: inotify local DoS",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2009/03/06/2"
            },
            {
              "name": "[linux-kernel] 20090131 [patch 03/43] inotify: clean up inotify_read and fix locking",
              "refsource": "MLIST",
              "url": "http://marc.info/?l=linux-kernel\u0026m=123337123501681\u0026w=2"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=488935",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=488935"
            },
            {
              "name": "[oss-security] 20090319 Re: CVE request: kernel: inotify local DoS",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2009/03/19/2"
            },
            {
              "name": "[oss-security] 20090318 Re: CVE request: kernel: inotify local DoS",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2009/03/18/5"
            },
            {
              "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.3",
              "refsource": "CONFIRM",
              "url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.3"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-0935",
    "datePublished": "2009-03-18T01:00:00",
    "dateReserved": "2009-03-17T00:00:00",
    "dateUpdated": "2024-08-07T04:57:17.139Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-0935\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2009-03-18T02:00:08.157\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The inotify_read function in the Linux kernel 2.6.27 to 2.6.27.13, 2.6.28 to 2.6.28.2, and 2.6.29-rc3 allows local users to cause a denial of service (OOPS) via a read with an invalid address to an inotify instance, which causes the device\u0027s event list mutex to be unlocked twice and prevents proper synchronization of a data structure for the inotify instance.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n inotify_read en el kernel de Linux versiones 2.6.27 hasta 2.6.27.13, 2.6.28 hasta 2.6.28.2 y 2.6.29-rc3, permite a los usuarios locales causar una denegaci\u00f3n de servicio (OOPS) por medio de una lectura con una direcci\u00f3n no v\u00e1lida en una instancia inotify, lo que causa que la exclusi\u00f3n mutua de la lista de eventos del dispositivo se desbloquee dos veces e impida la sincronizaci\u00f3n apropiada de una estructura de datos para la instancia 
inotify.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:N/I:N/A:C\",\"baseScore\":4.7,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-667\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.6.27\",\"versionEndIncluding\":\"2.6.27.13\",\"matchCriteriaId\":\"959E86DD-3F82-4BFC-9190-B63FC5B79507\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"2.6.28\",\"versionEndIncluding\":\"2.6.28.2\",\"matchCriteriaId\":\"3421BB9A-F9FC-4BDD-B72B-1DF16DA121A1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:2.6.29:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"92058AE0-2E52-4304-B4C6-871AB1CE42DF\"}]}]}],\"references\":[{\"url\":\"http://marc.info/?l=linux-kernel\u0026m=123337123501681\u0
026w=2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.3\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2009/03/06/2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2009/03/18/5\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2009/03/19/2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.securityfocus.com/bid/33624\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\",\"Patch\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=488935\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/49331\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://marc.info/?l=linux-kernel\u0026m=123337123501681\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2009/03/06/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2009/03/18/5\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2009/03/19/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.securityfocus.com/bid/33624\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Patch\",\"Third Party 
Advisory\",\"VDB Entry\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=488935\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/49331\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, or Red Hat Enterprise MRG.\",\"lastModified\":\"2009-04-15T00:00:00\"}]}}"
  }
}

