PT-2009-3521 · Linux · Linux Kernel

Eugene Teo · Published 2009-03-18 · Updated 2024-02-09 · CVE-2009-0935

CVSS v2.0: 4.7 Medium

Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel versions 2.6.27 through 2.6.27.13
Linux kernel versions 2.6.28 through 2.6.28.2
Linux kernel version 2.6.29-rc3

Description

The issue allows local users to cause a denial of service via a read with an invalid address to an inotify instance. This causes the device's event list mutex to be unlocked twice, preventing proper synchronization of a data structure for the inotify instance.

Recommendations

For Linux kernel versions 2.6.27 through 2.6.27.13, update to a version outside of this range to resolve the issue.
For Linux kernel versions 2.6.28 through 2.6.28.2, update to a version outside of this range to resolve the issue.
For Linux kernel version 2.6.29-rc3, update to a newer version to resolve the issue.
As a temporary workaround, consider restricting access to the inotify instance to minimize the risk of exploitation.
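
One way to triage hosts against the affected ranges listed above, as an added example that is not part of the original advisory. The function name is hypothetical, and the check assumes upstream-style release strings; a distribution kernel may carry a backported fix, so a match means "confirm against the vendor changelog".

```shell
#!/bin/sh
# Added example: flag kernel release strings that fall inside the ranges
# listed for CVE-2009-0935 (2.6.27-2.6.27.13, 2.6.28-2.6.28.2, 2.6.29-rc3).
# Assumption: upstream numbering 2.6.X[.Y][-suffix]; function name is hypothetical.

is_affected_cve_2009_0935() {
    cve_release=$1
    case $cve_release in
        # The only pre-release the advisory names.
        2.6.29-rc3|2.6.29-rc3-*) return 0 ;;
        # Other -rc builds are not listed by the advisory.
        *-rc*) return 1 ;;
    esac

    cve_base=${cve_release%%-*}        # drop distro suffix such as "-9-default"
    case $cve_base in
        2.6.27|2.6.28)
            cve_minor=${cve_base#2.6.}
            cve_stable=0               # no stable patch level given
            ;;
        2.6.27.*|2.6.28.*)
            cve_rest=${cve_base#2.6.}
            cve_minor=${cve_rest%%.*}
            cve_stable=${cve_rest#*.}
            ;;
        *) return 1 ;;
    esac

    # Reject anything that is not a plain number (e.g. "13.1" or "x").
    case $cve_stable in
        ''|*[!0-9]*) return 1 ;;
    esac

    case $cve_minor in
        27) [ "$cve_stable" -le 13 ] ;;
        28) [ "$cve_stable" -le 2 ] ;;
        *)  return 1 ;;
    esac
}

# Stand-alone use: report on the running kernel.
if is_affected_cve_2009_0935 "$(uname -r)"; then
    echo "kernel release is inside a range listed for CVE-2009-0935"
else
    echo "kernel release is outside the listed ranges"
fi
```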

Fix

Weakness Enumeration: Improper Locking

Related Identifiers: CVE-2009-0935

Affected Products: Linux Kernel