CVE-2008-3275

Linux kernel local filesystem DoS

Severity Score

5.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The (1) real_lookup and (2) __lookup_hash functions in fs/namei.c in the vfs implementation in the Linux kernel before 2.6.25.15 do not prevent creation of a child dentry for a deleted (aka S_DEAD) directory, which allows local users to cause a denial of service ("overflow" of the UBIFS orphan area) via a series of attempted file creations within deleted directories.

Las funciones (1) real_lookup y (2) __lookup_hash en el archivo fs/namei.c en la implementación de vfs en el kernel de Linux anterior a versión 2.6.25.15 no previene la creación de una matriz de elementos secundarios para un directorio eliminado (también se conoce como S_DEAD), que permite a los usuarios locales causar una denegación de servicio ("overflow" del área huérfana UBIFS) por medio de una serie de intentos de creación de archivos sin eliminar los directorios.

It was discovered that there were multiple NULL-pointer function dereferences in the Linux kernel terminal handling code. A local attacker could exploit this to execute arbitrary code as root, or crash the system, leading to a denial of service. The do_change_type routine did not correctly validation administrative users. A local attacker could exploit this to block mount points or cause private mounts to be shared, leading to denial of service or a possible loss of privacy. Tobias Klein discovered that the OSS interface through ALSA did not correctly validate the device number. A local attacker could exploit this to access sensitive kernel memory, leading to a denial of service or a loss of privacy. Zoltan Sogor discovered that new directory entries could be added to already deleted directories. A local attacker could exploit this, filling up available memory and disk space, leading to a denial of service.

*Credits: N/A

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Local

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2008-07-24 CVE Reserved
2008-08-12 CVE Published
2024-08-07 CVE Updated
2024-08-07 First Exploit
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

CAPEC

References (33)

URL	Tag	Source
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=d70b67c8bc72ee23b55381bd6a884f4796692f77	X_refsource_confirm
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.15	Broken Link
http://secunia.com/advisories/31551	Broken Link
http://secunia.com/advisories/31614	Broken Link
http://secunia.com/advisories/31836	Broken Link
http://secunia.com/advisories/31881	Broken Link
http://secunia.com/advisories/32023	Broken Link
http://secunia.com/advisories/32104	Broken Link
http://secunia.com/advisories/32190	Broken Link
http://secunia.com/advisories/32344	Broken Link
http://secunia.com/advisories/33201	Broken Link
http://secunia.com/advisories/33280	Broken Link
http://secunia.com/advisories/33556	Broken Link
http://www.securitytracker.com/id?1020739	Third Party Advisory
http://www.vupen.com/english/advisories/2008/2430	Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/44410	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10744	Signature
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6551	Signature

URL	Date	SRC
http://lkml.org/lkml/2008/7/2/83	2024-08-07

URL	Date	SRC
http://www.debian.org/security/2008/dsa-1630	2023-02-13
http://www.debian.org/security/2008/dsa-1636	2023-02-13
http://www.securityfocus.com/bid/30647	2023-02-13
https://bugzilla.redhat.com/show_bug.cgi?id=457858	2009-01-14

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00001.html	2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html	2023-02-13
http://www.mandriva.com/security/advisories?name=MDVSA-2008:220	2023-02-13
http://www.redhat.com/support/errata/RHSA-2008-0787.html	2023-02-13
http://www.redhat.com/support/errata/RHSA-2008-0857.html	2023-02-13
http://www.redhat.com/support/errata/RHSA-2008-0885.html	2023-02-13
http://www.redhat.com/support/errata/RHSA-2008-0973.html	2023-02-13
http://www.redhat.com/support/errata/RHSA-2009-0014.html	2023-02-13
https://usn.ubuntu.com/637-1	2023-02-13
https://access.redhat.com/security/cve/CVE-2008-3275	2009-01-14

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"		Linux Kernel Search vendor "Linux" for product "Linux Kernel"				< 2.6.25.15 Search vendor "Linux" for product "Linux Kernel" and version " < 2.6.25.15"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				4.0 Search vendor "Debian" for product "Debian Linux" and version "4.0"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				6.06 Search vendor "Canonical" for product "Ubuntu Linux" and version "6.06"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				7.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "7.04"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				7.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "7.10"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				8.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "8.04"		lts		Affected
Suse Search vendor "Suse"		Suse Linux Enterprise Desktop Search vendor "Suse" for product "Suse Linux Enterprise Desktop"				10 Search vendor "Suse" for product "Suse Linux Enterprise Desktop" and version "10"		sp1		Affected
Suse Search vendor "Suse"		Suse Linux Enterprise Server Search vendor "Suse" for product "Suse Linux Enterprise Server"				10 Search vendor "Suse" for product "Suse Linux Enterprise Server" and version "10"		sp1		Affected