CVE-2008-4307

Published: 13 January 2009

Race condition in the do_setlk function in fs/nfs/file.c in the Linux kernel before 2.6.26 allows local users to cause a denial of service (crash) via vectors resulting in an interrupted RPC call that leads to a stray FL_POSIX lock, related to improper handling of a race between fcntl and close in the EINTR case.

From the Ubuntu security team

NFS did not correctly handle races between fcntl and interrupts. A local attacker on an NFS mount could consume unlimited kernel memory, leading to a denial of service.

Priority

Medium

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.26~rc1)
Patches:
Upstream: http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=c4d7c402b788b73dc24f1e54a57f89d3dc5eb7bc
linux-source-2.6.15
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.26~rc1)
linux-source-2.6.22
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.26~rc1)

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

Further reading