Vulnerability Details : CVE-2009-2908

The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux kernel 2.6.31 allows local users to cause a denial of service (kernel OOPS) and possibly execute arbitrary code via unspecified vectors that cause a "negative dentry" and trigger a NULL pointer dereference, as demonstrated via a Mutt temporary directory in an eCryptfs mount.

Vulnerability category: Memory CorruptionExecute codeDenial of service

Published 2009-10-13 10:30:01

Updated 2023-02-13 02:20:20

Source Red Hat, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2009-2908

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 8 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2009-2908

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
4.9	MEDIUM	AV:L/AC:L/Au:N/C:N/I:N/A:C	3.9	6.9	[email protected]
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: None Integrity Impact: None Availability Impact: Complete

Vendor statements for CVE-2009-2908

Red Hat 2009-11-04

The Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, and Red Hat Enterprise MRG do not include support for eCryptfs, and therefore are not affected by this issue. It was addressed in Red Hat Enterprise Linux 5 via: https://rhn.redhat.com/errata/RHSA-2009-1548.html

References for CVE-2009-2908

Products affected by CVE-2009-2908

Linux » Linux Kernel » Version: 2.6.31
cpe:2.3:o:linux:linux_kernel:2.6.31:*:*:*:*:*:*:*
Matching versions