Your submission was sent successfully! Close

CVE-2008-4307

Published: 13 January 2009

Race condition in the do_setlk function in fs/nfs/file.c in the Linux kernel before 2.6.26 allows local users to cause a denial of service (crash) via vectors resulting in an interrupted RPC call that leads to a stray FL_POSIX lock, related to improper handling of a race between fcntl and close in the EINTR case.

From the Ubuntu security team

NFS did not correctly handle races between fcntl and interrupts. A local attacker on an NFS mount could consume unlimited kernel memory, leading to a denial of service.

Priority

Medium

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
dapper Does not exist

gutsy Does not exist

hardy
Released (2.6.24-23.52)
intrepid Not vulnerable

upstream
Released (2.6.26~rc1)
linux-source-2.6.15
Launchpad, Ubuntu, Debian
dapper
Released (2.6.15-54.76)
gutsy Does not exist

hardy Does not exist

intrepid Does not exist

upstream
Released (2.6.26~rc1)
linux-source-2.6.22
Launchpad, Ubuntu, Debian
dapper Does not exist

gutsy
Released (2.6.22-16.62)
hardy Does not exist

intrepid Does not exist

upstream
Released (2.6.26~rc1)