CVE DATABASE / CVE-2009-3547
CVE-2009-3547
CVSS 7 · HIGH
Summary
Multiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.
CVSS 3.1 breakdown
| Base score | 7 (HIGH) |
| Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| Attack vector | LOCAL |
| Attack complexity | HIGH |
| Privileges required | LOW |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity | HIGH |
| Availability | HIGH |
Weakness type (CWE)
Affected products
Linux linux kernelNovell linux desktopOpensuse opensuseSuse suse linux enterprise desktopSuse suse linux enterprise serverCanonical ubuntu linuxFedoraproject fedoraVmware vmaVmware esxRedhat mrg realtimeRedhat enterprise linux desktopRedhat enterprise linux eusRedhat enterprise linux serverRedhat enterprise linux workstation
Check this CVE live
Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.
References
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ad3960243e55320d74195fb85c975e0a8cc4466c
- http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html
- http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
- http://lists.vmware.com/pipermail/security-announce/2010/000082.html
- http://lkml.org/lkml/2009/10/14/184
- http://lkml.org/lkml/2009/10/21/42
- http://marc.info/?l=oss-security&m=125724568017045&w=2
- http://secunia.com/advisories/37351
- http://secunia.com/advisories/38017
- http://secunia.com/advisories/38794
- http://secunia.com/advisories/38834
- http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc6
- http://www.mandriva.com/security/advisories?name=MDVSA-2009:329
Data: NIST NVD. NVD last modified 2026-04-23. Always verify against the vendor advisory before acting.