Vulnerability Details : CVE-2009-4410
The fuse_ioctl_copy_user function in the ioctl handler in fs/fuse/file.c in the Linux kernel 2.6.29-rc1 through 2.6.30.y uses the wrong variable in an argument to the kunmap function, which allows local users to cause a denial of service (panic) via unknown vectors.
Vulnerability category: Denial of service
Products affected by CVE-2009-4410
- cpe:2.3:o:linux:linux_kernel:2.6.30:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.29:rc8-kk:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.29.rc1:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.29.rc2:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.29.rc2-git1:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.30:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.29:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.29.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.29.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.29.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.29.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.29.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.29.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.30:rc3:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.30.2:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.30:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.30:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.30:rc7-git6:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.30:rc4:x86_32:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.30.3:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.30:rc6:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.30.9:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.30.4:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.30.7:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.30.5:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.29:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.29:rc2_git7:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.30.6:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.30.8:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.30.1:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.29:git1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.29:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.30.y:*:*:*:*:*:*:*
Threat overview for CVE-2009-4410
Top countries where our scanners detected CVE-2009-4410
Top open port discovered on systems with this issue
52869
IPs affected by CVE-2009-4410 13,586
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2009-4410!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2009-4410
0.04%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 6 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-4410
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.9
|
MEDIUM | AV:L/AC:L/Au:N/C:N/I:N/A:C |
3.9
|
6.9
|
NIST |
Vendor statements for CVE-2009-4410
-
Red Hat 2009-12-31Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG. Shipped kernels do not include upstream commit 59efec7b that introduced the problem.
References for CVE-2009-4410
Jump to