PT-2009-6759 · Opensuse+1 · Kernel-Source-Debuginfo+30

Miklos Szeredi

·

Published

1970-01-01

·

Updated

2024-02-15

·

CVE-2009-1961

CVSS v2.0

7.8

High

VectorAV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions openSUSE kernel versions prior to 2.6.30-rc3 openSUSE kernel versions prior to 2.6.27.24 openSUSE kernel versions prior to 2.6.29.4 cluster-network-kmp-pae (affected versions not specified) cluster-network-kmp-default (affected versions not specified) ext4dev-kmp-ppc64 (affected versions not specified) kernel-ppc64-extra (affected versions not specified) ocfs2-kmp-ppc64 (affected versions not specified) cluster-network-kmp-xen (affected versions not specified) ext4dev-kmp-default (affected versions not specified) kernel-ppc64 (affected versions not specified) cluster-network-kmp-ppc64 (affected versions not specified) kernel-default-man (affected versions not specified) ocfs2-kmp-xen (affected versions not specified) kernel-default-extra (affected versions not specified) ext4dev-kmp-pae (affected versions not specified) kernel-xen-extra (affected versions not specified) kernel-debug-extra (affected versions not specified) ext4dev-kmp-vmi (affected versions not specified) kernel-kdump-debuginfo (affected versions not specified) ext4dev-kmp-xen (affected versions not specified) kernel-pae-extra (affected versions not specified) kernel-ppc64-debugsource (affected versions not specified) kernel-ps3 (affected versions not specified) ocfs2-kmp-default (affected versions not specified) ocfs2-kmp-pae (affected versions not specified) kernel-ppc64-base (affected versions not specified) kernel-kdump-debugsource (affected versions not specified) kernel-trace-extra (affected versions not specified) kernel-ppc64-debuginfo (affected versions not specified) kernel-kdump (affected versions not specified) kernel-source-debuginfo (affected versions not specified)
Description The issue is related to multiple vulnerabilities in the openSUSE kernel and various packages, which can lead to a denial of service (prevention of file creation and removal) via a series of splice system calls that trigger a deadlock. The vulnerabilities can be exploited remotely.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Locking

Weakness Enumeration

CWE-667CWE-189

Related Identifiers

BDU:2015-05219
BDU:2015-05220
BDU:2015-05221
BDU:2015-05222
BDU:2015-05223
BDU:2015-05224
BDU:2015-05225
BDU:2015-05226
BDU:2015-05227
BDU:2015-05228
BDU:2015-05229
BDU:2015-05230
BDU:2015-05231
BDU:2015-05232
BDU:2015-05233
BDU:2015-05234
BDU:2015-05235
BDU:2015-05236
BDU:2015-05237
BDU:2015-05238
BDU:2015-05239
BDU:2015-05240
BDU:2015-05241
BDU:2015-05242
BDU:2015-05243
BDU:2015-05244
BDU:2015-05245
BDU:2015-05246
BDU:2015-05247
CVE-2009-1961
DSA-1844-1
RHSA-2009:1157

Affected Products

Cluster-Network-Kmp-Default
Cluster-Network-Kmp-Pae
Cluster-Network-Kmp-Ppc64
Cluster-Network-Kmp-Xen
Ext4Dev-Kmp-Default
Ext4Dev-Kmp-Pae
Ext4Dev-Kmp-Ppc64
Ext4Dev-Kmp-Vmi
Ext4Dev-Kmp-Xen
Kernel
Kernel-Debug-Extra
Kernel-Default-Extra
Kernel-Default-Man
Kernel-Kdump
Kernel-Kdump-Debuginfo
Kernel-Kdump-Debugsource
Kernel-Pae-Extra
Kernel-Ppc64
Kernel-Ppc64-Base
Kernel-Ppc64-Debuginfo
Kernel-Ppc64-Debugsource
Kernel-Ppc64-Extra
Kernel-Ps3
Kernel-Source-Debuginfo
Kernel-Trace-Extra
Kernel-Xen-Extra
Ocfs2-Kmp-Default
Ocfs2-Kmp-Pae
Ocfs2-Kmp-Ppc64
Ocfs2-Kmp-Xen
Opensuse