CVE-2009-0747 : The ext4_isize function in fs/ext4/ext4.h in the Linux kernel 2.6.27 before 2.6.

The ext4_isize function in fs/ext4/ext4.h in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 uses the i_size_high structure member during operations on arbitrary types of files, which allows local users to cause a denial of service (CPU consumption and error-message flood) by attempting to mount a crafted ext4 filesystem.

Published 2009-02-27 17:30:10

Updated 2018-10-10 19:30:54

Source MITRE

View at NVD, CVE.org

Vulnerability category: Denial of service

Products affected by CVE-2009-0747

Linux » Linux Kernel » Version: 2.6.27 Update RC3
cpe:2.3:o:linux:linux_kernel:2.6.27:rc3:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.27 Update RC2
cpe:2.3:o:linux:linux_kernel:2.6.27:rc2:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.27 Update RC1
cpe:2.3:o:linux:linux_kernel:2.6.27:rc1:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.27 Update RC4
cpe:2.3:o:linux:linux_kernel:2.6.27:rc4:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.27
cpe:2.3:o:linux:linux_kernel:2.6.27:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.27.1
cpe:2.3:o:linux:linux_kernel:2.6.27.1:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.27.2
cpe:2.3:o:linux:linux_kernel:2.6.27.2:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.27.3
cpe:2.3:o:linux:linux_kernel:2.6.27.3:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.27.4
cpe:2.3:o:linux:linux_kernel:2.6.27.4:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.28 Update RC2
cpe:2.3:o:linux:linux_kernel:2.6.28:rc2:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.28 Update RC3
cpe:2.3:o:linux:linux_kernel:2.6.28:rc3:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.27 Update RC5
cpe:2.3:o:linux:linux_kernel:2.6.27:rc5:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.27 Update RC9
cpe:2.3:o:linux:linux_kernel:2.6.27:rc9:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.27 Update RC8
cpe:2.3:o:linux:linux_kernel:2.6.27:rc8:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.28
cpe:2.3:o:linux:linux_kernel:2.6.28:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.28 Update RC1
cpe:2.3:o:linux:linux_kernel:2.6.28:rc1:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.27 Update RC7
cpe:2.3:o:linux:linux_kernel:2.6.27:rc7:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.27 Update RC6
cpe:2.3:o:linux:linux_kernel:2.6.27:rc6:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.28 Update RC4
cpe:2.3:o:linux:linux_kernel:2.6.28:rc4:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.28 Update RC5
cpe:2.3:o:linux:linux_kernel:2.6.28:rc5:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.28 Update RC6
cpe:2.3:o:linux:linux_kernel:2.6.28:rc6:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.27.5
cpe:2.3:o:linux:linux_kernel:2.6.27.5:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.27.6
cpe:2.3:o:linux:linux_kernel:2.6.27.6:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.27.7
cpe:2.3:o:linux:linux_kernel:2.6.27.7:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.28 Update RC7
cpe:2.3:o:linux:linux_kernel:2.6.28:rc7:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.27.12
cpe:2.3:o:linux:linux_kernel:2.6.27.12:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.27.11
cpe:2.3:o:linux:linux_kernel:2.6.27.11:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.27.17
cpe:2.3:o:linux:linux_kernel:2.6.27.17:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.27.15
cpe:2.3:o:linux:linux_kernel:2.6.27.15:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.27.16
cpe:2.3:o:linux:linux_kernel:2.6.27.16:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.27.8
cpe:2.3:o:linux:linux_kernel:2.6.27.8:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.27.10
cpe:2.3:o:linux:linux_kernel:2.6.27.10:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.27.9
cpe:2.3:o:linux:linux_kernel:2.6.27.9:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.27.14
cpe:2.3:o:linux:linux_kernel:2.6.27.14:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.27.13
cpe:2.3:o:linux:linux_kernel:2.6.27.13:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.27.18
cpe:2.3:o:linux:linux_kernel:2.6.27.18:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.28.1
cpe:2.3:o:linux:linux_kernel:2.6.28.1:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.28.2
cpe:2.3:o:linux:linux_kernel:2.6.28.2:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.28.3
cpe:2.3:o:linux:linux_kernel:2.6.28.3:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.28.4
cpe:2.3:o:linux:linux_kernel:2.6.28.4:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.28.5
cpe:2.3:o:linux:linux_kernel:2.6.28.5:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel » Version: 2.6.28.6
cpe:2.3:o:linux:linux_kernel:2.6.28.6:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2009-0747

Top countries where our scanners detected CVE-2009-0747

Top open port discovered on systems with this issue 49152

IPs affected by CVE-2009-0747 627

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2009-0747!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2009-0747

EPSS FAQ

0.06%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 16 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2009-0747

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.9	MEDIUM	AV:L/AC:L/Au:N/C:N/I:N/A:C	3.9	6.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete

CWE ids for CVE-2009-0747

CWE-399

Assigned by: nvd@nist.gov (Primary)

Vendor statements for CVE-2009-0747

Red Hat 2009-09-02

This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and Red Hat Enterprise MRG. This issue was addressed in Red Hat Enterprise Linux 5 by https://rhn.redhat.com/errata/RHSA-2009-1243.html

References for CVE-2009-0747

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8585
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9200
http://www.vmware.com/security/advisories/VMSA-2009-0016.html

VMSA-2009-0016.6

CVEs referencing this url
http://www.vupen.com/english/advisories/2009/3316

Webmail: access your OVH emails on ovhcloud.com | OVHcloud

CVEs referencing this url
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.7

CVEs referencing this url
http://bugzilla.kernel.org/show_bug.cgi?id=12375

Patch
http://www.debian.org/security/2009/dsa-1749

[SECURITY] [DSA 1749-1] New Linux 2.6.26 packages fix several vulnerabilities

CVEs referencing this url
http://www.ubuntu.com/usn/usn-751-1

USN-751-1: Linux kernel vulnerabilities | Ubuntu security notices | Ubuntu

CVEs referencing this url
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.19

CVEs referencing this url
http://www.vupen.com/english/advisories/2009/0509

Vendor Advisory

CVEs referencing this url
http://www.securityfocus.com/archive/1/507985/100/0/threaded

CVEs referencing this url
http://rhn.redhat.com/errata/RHSA-2009-1243.html

CVEs referencing this url
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=06a279d636734da32bb62dd2f7b0ade666f65d7c

Jump to