CVE-2008-4307

Publication date 13 January 2009

Last updated 24 July 2024

Ubuntu priority

Race condition in the do_setlk function in fs/nfs/file.c in the Linux kernel before 2.6.26 allows local users to cause a denial of service (crash) via vectors resulting in an interrupted RPC call that leads to a stray FL_POSIX lock, related to improper handling of a race between fcntl and close in the EINTR case.

From the Ubuntu Security Team

NFS did not correctly handle races between fcntl and interrupts. A local attacker on an NFS mount could consume unlimited kernel memory, leading to a denial of service.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
linux	8.10 intrepid	Not affected
	8.04 LTS hardy	Fixed 2.6.24-23.52
	7.10 gutsy	Not in release
	6.06 LTS dapper	Not in release
linux-source-2.6.15	8.10 intrepid	Not in release
	8.04 LTS hardy	Not in release
	7.10 gutsy	Not in release
	6.06 LTS dapper	Fixed 2.6.15-54.76
linux-source-2.6.22	8.10 intrepid	Not in release
	8.04 LTS hardy	Not in release
	7.10 gutsy	Fixed 2.6.22-16.62
	6.06 LTS dapper	Not in release

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
linux	Upstream: http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=c4d7c402b788b73dc24f1e54a57f89d3dc5eb7bc

CVE-2008-4307

From the Ubuntu Security Team

Status

Patch details

References

Related Ubuntu Security Notices (USN)

Other references