[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248149

 
 

909

 
 

194803

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2009-4021Date: (C)2009-11-25   (M)2024-02-22


The fuse_direct_io function in fs/fuse/file.c in the fuse subsystem in the Linux kernel before 2.6.32-rc7 might allow attackers to cause a denial of service (invalid pointer dereference and OOPS) via vectors possibly related to a memory-consumption attack.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.9
Exploit Score: 3.9
Impact Score: 6.9
 
CVSS V2 Metrics:
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: COMPLETE
  
Reference:
BID-37069
SECUNIA-37909
SECUNIA-38017
DSA-2005
RHSA-2010:0041
RHSA-2010:0046
RHSA-2010:0095
SUSE-SA:2009:061
SUSE-SA:2009:064
SUSE-SA:2010:001
SUSE-SA:2010:012
http://www.openwall.com/lists/oss-security/2009/11/19/1
http://www.openwall.com/lists/oss-security/2009/11/24/5
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f60311d5f7670d9539b424e4ed8b5c0872fc9e83
http://support.avaya.com/css/P8/documents/100073666
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc7
https://bugzilla.redhat.com/show_bug.cgi?id=538734
kernel-fusedirectio-dos(54358)
oval:org.mitre.oval:def:10516
oval:org.mitre.oval:def:6955

CWE    1
CWE-399
OVAL    8
oval:org.secpod.oval:def:700020
oval:org.mitre.oval:def:6841
oval:org.secpod.oval:def:201720
oval:org.secpod.oval:def:201799
...

© SecPod Technologies