A vulnerability was found in Linux Kernel 2.6.28.2 (Operating System). It has been classified as critical. This affects the function inotify_read. The manipulation with an unknown input leads to a resource management vulnerability. CWE is classifying the issue as CWE-399. This is going to have an impact on availability. The summary by CVE is:

The inotify_read function in the Linux kernel 2.6.27 to 2.6.27.13, 2.6.28 to 2.6.28.2, and 2.6.29-rc3 allows local users to cause a denial of service (OOPS) via a read with an invalid address to an inotify instance, which causes the device s event list mutex to be unlocked twice and prevents proper synchronization of a data structure for the inotify instance.

The issue has been introduced in 12/25/2008. The weakness was published 03/17/2009 (Website). It is possible to read the advisory at securityfocus.com. This vulnerability is uniquely identified as CVE-2009-0935 since 03/17/2009. Attacking locally is a requirement. No form of authentication is needed for exploitation. Technical details of the vulnerability are known, but there is no available exploit.

The vulnerability was handled as a non-public zero-day exploit for at least 82 days. During that time the estimated underground price was around $5k-$25k.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

The vulnerability is also documented in the vulnerability database at X-Force (49331).

Productinfo

Type

• Operating System

Vendor

• Linux

Name

• Kernel

Version

• 2.6.28.2

License

• open-source

CPE 2.3info

• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion