Upstream information
Description
The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel before 2.6.31-rc4 allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect file attributes, which trigger attempted use of an open file that lacks NFSv4 state.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having important severity.
| National Vulnerability Database | |
|---|---|
| Base Score | 7.8 |
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
| Access Vector | Network |
| Access Complexity | Low |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | Complete |
Note from the SUSE Security Team on the kernel-default package
SUSE will no longer fix all CVEs in the Linux Kernel anymore, but declare some bug classes as won't fix. Please refer to TID 21496 for more details. SUSE Bugzilla entry: 552775 [RESOLVED / FIXED]SUSE Security Advisories:
- SUSE-SA:2009:056, published Mon, 16 Nov 2009 13:00:00 +0000
- SUSE-SA:2009:060, published Wed, 02 Dec 2009 16:00:00 +0000
- SUSE-SA:2009:061, published Mon, 14 Dec 2009 18:00:00 +0000
- SUSE-SA:2009:064, published Tue, 22 Dec 2009 18:00:00 +0000
- SUSE-SA:2010:012, published Mon, 15 Feb 2010 16:00:00 +0000
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Server for SAP Applications 11 |
| Patchnames: slessp0-kernel |
SUSE Timeline for this CVE
CVE page created: Tue Jul 9 17:12:10 2013CVE page last modified: Tue Jul 16 11:11:15 2024