CVE-2008-4307 - OpenCVE

Race condition in the do_setlk function in fs/nfs/file.c in the Linux kernel before 2.6.26 allows local users to cause a denial of service (crash) via vectors resulting in an interrupted RPC call that leads to a stray FL_POSIX lock, related to improper handling of a race between fcntl and close in the EINTR case.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

AV:L/AC:H/Au:N/C:N/I:N/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Linux	Linux Kernel
Redhat	Enterprise Linux Enterprise Mrg

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel:2.2.27:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.36:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.36.1:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.36.2:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.36.3:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.36.4:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.36.5:::::::*
	cpe:2.3:o:linux:linux_kernel:2.4.36.6:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.18:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.18:rc1::::::
	cpe:2.3:o:linux:linux_kernel:2.6.18:rc2::::::
	cpe:2.3:o:linux:linux_kernel:2.6.18:rc3::::::
	cpe:2.3:o:linux:linux_kernel:2.6.18:rc4::::::
	cpe:2.3:o:linux:linux_kernel:2.6.18:rc5::::::
	cpe:2.3:o:linux:linux_kernel:2.6.18:rc6::::::
	cpe:2.3:o:linux:linux_kernel:2.6.18:rc7::::::
	cpe:2.3:o:linux:linux_kernel:2.6.19.4:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.19.5:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.19.6:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.19.7:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.20.16:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.20.17:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.20.18:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.20.19:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.20.20:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.20.21:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.21.5:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.21.6:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.21.7:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.22:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.22.1:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.22.2:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.22.8:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.22.9:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.22.10:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.22.11:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.22.12:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.22.13:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.22.14:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.22.15:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.22.17:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.22.18:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.22.19:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.22.20:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.22.21:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.22.22:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.22_rc1:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.22_rc7:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.23:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.23.8:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.23.9:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.23.10:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.23.11:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.23.12:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.23.13:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.23.15:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.23.16:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.23.17:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.23_rc1:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.24:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.24.1:::::::*
	cpe:2.3:o:linux:linux_kernel:2.6.24.2:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.24.3:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.24.4:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.24.5:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.24.6:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.24.7:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.24_rc1:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.24_rc4:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.24_rc5:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.25:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.25::x86_64:::::
cpe:2.3:o:linux:linux_kernel:2.6.25.1:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.25.1::x86_64:::::
cpe:2.3:o:linux:linux_kernel:2.6.25.2:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.25.2::x86_64:::::
cpe:2.3:o:linux:linux_kernel:2.6.25.3:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.25.3::x86_64:::::
cpe:2.3:o:linux:linux_kernel:2.6.25.4:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.25.4::x86_64:::::
cpe:2.3:o:linux:linux_kernel:2.6.25.5:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.25.5::x86_64:::::
cpe:2.3:o:linux:linux_kernel:2.6.25.6:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.25.6::x86_64:::::
cpe:2.3:o:linux:linux_kernel:2.6.25.7:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.25.7::x86_64:::::
cpe:2.3:o:linux:linux_kernel:2.6.25.8:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.25.8::x86_64:::::
cpe:2.3:o:linux:linux_kernel:2.6.25.9::x86_64:::::
cpe:2.3:o:linux:linux_kernel:2.6.25.10:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.25.10::x86_64:::::
cpe:2.3:o:linux:linux_kernel:2.6.25.11:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.25.11::x86_64:::::
cpe:2.3:o:linux:linux_kernel:2.6.25.12:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.25.12::x86_64:::::
cpe:2.3:o:linux:linux_kernel:2.6.25.13:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.25.14:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.25.15:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.25.16:::::::*
cpe:2.3:o:linux:linux_kernel:2.6.25.17:::::::*

Package	CPE	Advisory	Released Date
MRG for RHEL-5
kernel-rt-0:2.6.24.7-111.el5rt	cpe:/a:redhat:enterprise_mrg:1::el5	RHSA-2009:0451	2009-04-29T00:00:00Z
Red Hat Enterprise Linux 4
kernel-0:2.6.9-78.0.22.EL	cpe:/o:redhat:enterprise_linux:4	RHSA-2009:0459	2009-04-30T00:00:00Z
Red Hat Enterprise Linux 5
kernel-0:2.6.18-128.1.10.el5	cpe:/o:redhat:enterprise_linux:5	RHSA-2009:0473	2009-05-07T00:00:00Z

References

Link	Providers
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git%3Ba=commit%3Bh=c4d7c402b788b73dc24f1e54a57f89d3dc5eb7bc
http://openwall.com/lists/oss-security/2009/01/13/1
http://rhn.redhat.com/errata/RHSA-2009-0459.html
http://rhn.redhat.com/errata/RHSA-2009-0473.html
http://secunia.com/advisories/34917
http://secunia.com/advisories/34962
http://secunia.com/advisories/34981
http://secunia.com/advisories/35011
http://secunia.com/advisories/35015
http://secunia.com/advisories/37471
http://www.debian.org/security/2009/dsa-1787
http://www.debian.org/security/2009/dsa-1794
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26
http://www.redhat.com/support/errata/RHSA-2009-0451.html
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.ubuntu.com/usn/usn-751-1
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vupen.com/english/advisories/2009/3316
https://bugzilla.redhat.com/show_bug.cgi?id=456282
https://nvd.nist.gov/vuln/detail/CVE-2008-4307
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7728
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9233
https://www.cve.org/CVERecord?id=CVE-2008-4307

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2009-01-13T16:00:00

Updated: 2024-08-07T10:08:35.096Z

Reserved: 2008-09-29T00:00:00

Link: CVE-2008-4307

Vulnrichment

No data.

NVD

Status : Modified

Published: 2009-01-13T17:00:01.110

Modified: 2023-02-13T02:19:30.500

Link: CVE-2008-4307

Redhat

Severity : Important

Publid Date: 2008-10-30T00:00:00Z

Links: CVE-2008-4307 - Bugzilla

Metrics

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

Metrics

Access Vector Local

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object