Description
The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel before 2.6.31-rc4 allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect file attributes, which trigger attempted use of an open file that lacks NFSv4 state.
Published: 2009-11-09
Score: 7.8 High
EPSS: 5.8% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-2003-1 New Linux 2.6.18 packages fix several vulnerabilities
EUVD EUVD EUVD-2009-3698 The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel before 2.6.31-rc4 allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect file attributes, which trigger attempted use of an open file that lacks NFSv4 state.
Ubuntu USN Ubuntu USN USN-864-1 Linux kernel vulnerabilities
References
Link Providers
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d953126a28f97ec965d23c69fd5795854c048f30 cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html cve-icon cve-icon
http://lists.vmware.com/pipermail/security-announce/2010/000082.html cve-icon cve-icon
http://secunia.com/advisories/37909 cve-icon cve-icon
http://secunia.com/advisories/38794 cve-icon cve-icon
http://secunia.com/advisories/38834 cve-icon cve-icon
http://secunia.com/advisories/40218 cve-icon cve-icon
http://www.debian.org/security/2010/dsa-2005 cve-icon cve-icon
http://www.kernel.org/pub/linux/kernel/v2.6/testing/v2.6.31/ChangeLog-2.6.31-rc4 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2009:329 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2011:051 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2009/11/05/1 cve-icon cve-icon
http://www.openwall.com/lists/oss-security/2009/11/05/4 cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2009-1670.html cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2010-0474.html cve-icon cve-icon
http://www.securityfocus.com/bid/36936 cve-icon cve-icon
http://www.spinics.net/linux/lists/linux-nfs/msg03357.html cve-icon cve-icon
http://www.ubuntu.com/usn/usn-864-1 cve-icon cve-icon
http://www.vupen.com/english/advisories/2010/0528 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=529227 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2009-3726 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6636 cve-icon cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9734 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2009-3726 cve-icon
History

No history.

Subscriptions

Linux Linux Kernel
Redhat Enterprise Linux Enterprise Mrg
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2024-08-07T06:38:30.347Z

Reserved: 2009-10-16T00:00:00.000Z

Link: CVE-2009-3726

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2009-11-09T19:30:00.360

Modified: 2026-04-23T00:35:47.467

Link: CVE-2009-3726

cve-icon Redhat

Severity : Important

Publid Date: 2008-10-22T00:00:00Z

Links: CVE-2009-3726 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses