CVE-2009-3547

MITRE NVD CVE.ORG Print: PDF PDF

Summary

CVECVE-2009-3547
StatePUBLIC
Assigner[email protected]
Source PriorityCVE Program / NVD first with legacy fallback
Published2009-11-04 15:30:00 UTC
Updated2023-11-03 17:14:00 UTC
DescriptionMultiple race conditions in fs/pipe.c in the Linux kernel before 2.6.32-rc6 allow local users to cause a denial of service (NULL pointer dereference and system crash) or gain privileges by attempting to open an anonymous pipe via a /proc/*/fd/ pathname.

Risk And Classification

Problem Types: CWE-362 | CWE-476

NVD Known Affected Configurations (CPE 2.3)

TypeVendorProductVersionUpdateEditionLanguage
Operating System Canonical Ubuntu Linux 6.06 All All All
Operating System Canonical Ubuntu Linux 8.04 All All All
Operating System Canonical Ubuntu Linux 8.10 All All All
Operating System Canonical Ubuntu Linux 9.04 All All All
Operating System Canonical Ubuntu Linux 9.10 All All All
Operating System Canonical Ubuntu Linux 6.06 All All All
Operating System Canonical Ubuntu Linux 8.04 All All All
Operating System Canonical Ubuntu Linux 8.10 All All All
Operating System Canonical Ubuntu Linux 9.04 All All All
Operating System Canonical Ubuntu Linux 9.10 All All All
Operating System Fedoraproject Fedora 10 All All All
Operating System Fedoraproject Fedora 10 All All All
Operating System Linux Linux Kernel 2.6.32 - All All
Operating System Linux Linux Kernel 2.6.32 rc1 All All
Operating System Linux Linux Kernel 2.6.32 rc2 All All
Operating System Linux Linux Kernel 2.6.32 rc3 All All
Operating System Linux Linux Kernel 2.6.32 rc4 All All
Operating System Linux Linux Kernel 2.6.32 rc5 All All
Operating System Linux Linux Kernel 2.6.32 - All All
Operating System Linux Linux Kernel 2.6.32 rc1 All All
Operating System Linux Linux Kernel 2.6.32 rc2 All All
Operating System Linux Linux Kernel 2.6.32 rc3 All All
Operating System Linux Linux Kernel 2.6.32 rc4 All All
Operating System Linux Linux Kernel 2.6.32 rc5 All All
Operating System Linux Linux Kernel All All All All
Operating System Novell Linux Desktop 9 All All All
Operating System Novell Linux Desktop 9 All All All
Operating System Opensuse Opensuse 11.0 All All All
Operating System Opensuse Opensuse 11.2 All All All
Operating System Opensuse Opensuse 11.0 All All All
Operating System Opensuse Opensuse 11.2 All All All
Operating System Redhat Enterprise Linux Desktop 3.0 All All All
Operating System Redhat Enterprise Linux Desktop 4.0 All All All
Operating System Redhat Enterprise Linux Desktop 5.0 All All All
Operating System Redhat Enterprise Linux Eus 4.8 All All All
Operating System Redhat Enterprise Linux Eus 5.4 All All All
Operating System Redhat Enterprise Linux Server 3.0 All All All
Operating System Redhat Enterprise Linux Server 4.0 All All All
Operating System Redhat Enterprise Linux Server 5.0 All All All
Operating System Redhat Enterprise Linux Workstation 3.0 All All All
Operating System Redhat Enterprise Linux Workstation 4.0 All All All
Operating System Redhat Enterprise Linux Workstation 5.0 All All All
Application Redhat Mrg Realtime 1.0 All All All
Operating System Suse Suse Linux Enterprise Desktop 10 sp2 All All
Operating System Suse Suse Linux Enterprise Desktop 10 sp2 All All
Operating System Suse Suse Linux Enterprise Server 10 sp2 All All
Operating System Suse Suse Linux Enterprise Server 10 sp2 All All
Operating System Vmware Esx 4.0 All All All
Operating System Vmware Esx 4.0 All All All
Application Vmware Vma 4.0 All All All
Application Vmware Vma 4.0 All All All

References

ReferenceSourceLinkTags
access.redhat.com | CVE-2009-3547 MISC access.redhat.com
Red Hat Customer Portal MISC access.redhat.com
Repository / Oval Repository OVAL oval.cisecurity.org Third Party Advisory
[security-announce] SUSE Security Announcement: Linux kernel (SUSE-SA:20 SUSE lists.opensuse.org Mailing List, Third Party Advisory
Repository / Oval Repository OVAL oval.cisecurity.org Third Party Advisory
rhn.redhat.com | Red Hat Support REDHAT rhn.redhat.com Third Party Advisory
Webmail : Solution de messagerie professionnelle - OVHcloud- OVH VUPEN www.vupen.com Broken Link
[SECURITY] Fedora 10 Update: kernel-2.6.27.38-170.2.113.fc10 FEDORA www.redhat.com Mailing List, Third Party Advisory
Red Hat Customer Portal MISC access.redhat.com
Support REDHAT www.redhat.com Broken Link
USN-864-1: Linux kernel vulnerabilities | Ubuntu UBUNTU www.ubuntu.com Third Party Advisory
LKML: Earl Chew: fs/pipe.c null pointer dereference MLIST lkml.org Exploit, Mailing List, Third Party Advisory
Support / Security / Advisories / / MDVSA-2009:329 | Mandriva MANDRIVA www.mandriva.com Broken Link
rhn.redhat.com | Red Hat Support REDHAT rhn.redhat.com Third Party Advisory
rhn.redhat.com | Red Hat Support REDHAT rhn.redhat.com Third Party Advisory
Repository / Oval Repository OVAL oval.cisecurity.org Third Party Advisory
[security-announce] SUSE Security Announcement: Linux kernel (SUSE-SA:20 SUSE lists.opensuse.org Mailing List, Third Party Advisory
SUSE update for kernel - Secunia Advisories - Vulnerability Information - Secunia.com SECUNIA secunia.com Broken Link
Red Hat Customer Portal MISC access.redhat.com
Red Hat Customer Portal MISC access.redhat.com
LKML: =?UTF-8?Q?Am=C3=A9rico_Wang?=: Re: [PATCH v4 1/1]: fs: pipe.c null pointer dereference + really sign off + unmangled diffs MLIST lkml.org Mailing List, Patch, Third Party Advisory
SUSE update for kernel - Secunia Advisories - Vulnerability Information - Secunia.com SECUNIA secunia.com Broken Link
kernel/git/torvalds/linux.git - Linux kernel source tree MISC git.kernel.org
404: File not found CONFIRM www.kernel.org Broken Link
530490 – (CVE-2009-3547) CVE-2009-3547 kernel: fs: pipe.c null pointer dereference CONFIRM bugzilla.redhat.com Issue Tracking, Patch, Third Party Advisory
Red Hat Customer Portal REDHAT rhn.redhat.com Third Party Advisory
Red Hat Customer Portal MISC access.redhat.com
VMware vMA Update for Multiple Packages - Advisories - Community SECUNIA secunia.com Broken Link
'[oss-security] CVE-2009-3547 kernel: fs: pipe.c null pointer dereference' - MARC MLIST marc.info Mailing List, Third Party Advisory
Red Hat Customer Portal MISC access.redhat.com
[security-announce] SUSE Security Announcement: Linux kernel (SUSE-SA:20 SUSE lists.opensuse.org Mailing List, Third Party Advisory
SecurityFocus BUGTRAQ www.securityfocus.com Third Party Advisory, VDB Entry
[Security-announce] VMSA-2010-0004 ESX Service Console and vMA third party updates MLIST lists.vmware.com Mailing List, Third Party Advisory
Linux Kernel 'pipe.c' Local Privilege Escalation Vulnerability BID www.securityfocus.com Exploit, Third Party Advisory, VDB Entry
kernel/git/torvalds/linux.git - Linux kernel source tree CONFIRM git.kernel.org Mailing List, Patch, Vendor Advisory
[security-announce] SUSE Security Announcement: Linux kernel (SUSE-SA:20 SUSE lists.opensuse.org Mailing List, Third Party Advisory
Red Hat Customer Portal MISC access.redhat.com
VMware ESX Server 4 Multiple Vulnerabilities - Advisories - Community SECUNIA secunia.com Broken Link
CVE Program record CVE.ORG www.cve.org canonical
NVD vulnerability detail NVD nvd.nist.gov canonical, analysis
© CVE.report 2026 |

Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.

CVE, CWE, and OVAL are registred trademarks of The MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. This site includes MITRE data granted under the following license.

CVE.report and Source URL Uptime Status status.cve.report