CVE-2008-3915

Linux kernel <2.6.26.4 - Buffer Overflow

Title source: llm

Description

Buffer overflow in nfsd in the Linux kernel before 2.6.26.4, when NFSv4 is enabled, allows remote attackers to have an unknown impact via vectors related to decoding an NFSv4 acl.

References (14)

[Patch] http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=91b80969ba466ba4b915a4a1d03add8c297add3f

[Various Sources] http://lkml.org/lkml/2008/9/3/286

[Vendor Advisory] http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26.4

[Vendor Advisory] http://www.redhat.com/support/errata/RHSA-2008-0857.html

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/31133

[Vendor Advisory] http://www.ubuntu.com/usn/usn-659-1

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=461101

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/45055

[Third Party Advisory] http://www.debian.org/security/2008/dsa-1636

[Mailing List] http://www.openwall.com/lists/oss-security/2008/09/04/18

[Mailing List] http://www.openwall.com/lists/oss-security/2008/09/04/4

[Third Party Advisory] http://secunia.com/advisories/31881

[Third Party Advisory] http://secunia.com/advisories/32190

[Third Party Advisory] http://secunia.com/advisories/32393

Scores

EPSS 0.0445

EPSS Percentile 88.9%

Classification

CWE

CWE-119

Status draft

Affected Products (50)

linux/linux_kernel

... and 35 more

Timeline

Published Sep 11, 2008

Tracked Since Feb 18, 2026