CVE-2008-4307

Publication date 13 January 2009

Last updated 24 July 2024

Ubuntu priority

Medium

Why this priority?

Race condition in the do_setlk function in fs/nfs/file.c in the Linux kernel before 2.6.26 allows local users to cause a denial of service (crash) via vectors resulting in an interrupted RPC call that leads to a stray FL_POSIX lock, related to improper handling of a race between fcntl and close in the EINTR case.

From the Ubuntu Security Team

NFS did not correctly handle races between fcntl and interrupts. A local attacker on an NFS mount could consume unlimited kernel memory, leading to a denial of service.

Status

No maintained releases are affected by this CVE.

Package Ubuntu Release Status
linux 8.10 intrepid
Not affected
8.04 LTS hardy
Fixed 2.6.24-23.52
7.10 gutsy Not in release
6.06 LTS dapper Not in release
linux-source-2.6.15 8.10 intrepid Not in release
8.04 LTS hardy Not in release
7.10 gutsy Not in release
6.06 LTS dapper
Fixed 2.6.15-54.76
linux-source-2.6.22 8.10 intrepid Not in release
8.04 LTS hardy Not in release
7.10 gutsy
Fixed 2.6.22-16.62
6.06 LTS dapper Not in release

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
linux

References

Related Ubuntu Security Notices (USN)

    • USN-752-1
    • Linux kernel vulnerabilities
    • 7 April 2009
    • USN-751-1
    • Linux kernel vulnerabilities
    • 6 April 2009

Other references