CVE-2009-0746

Linux kernel <2.6.27.19-2.6.28.7 - DoS

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-0746. PoCs published by Sami Liedes.

AI-analyzed exploit summary This is a writeup describing a local denial-of-service vulnerability in the Linux kernel prior to version 2.6.27.14, caused by improper handling of malformed filesystem images. Exploitation requires the ability to mount filesystems, typically needing privileged access.

Description

The make_indexed_dir function in fs/ext4/namei.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate a certain rec_len field, which allows local users to cause a denial of service (OOPS) by attempting to mount a crafted ext4 filesystem.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Sami Liedes · textdoslinux

https://www.exploit-db.com/exploits/32775

View Code ZIP pw:eip

This is a writeup describing a local denial-of-service vulnerability in the Linux kernel prior to version 2.6.27.14, caused by improper handling of malformed filesystem images. Exploitation requires the ability to mount filesystems, typically needing privileged access.

Classification

Writeup 90%

Attack Type

Dos

Complexity

Moderate

Reliability

Theoretical

Target: Linux kernel < 2.6.27.14

Auth required

Prerequisites: Ability to mount filesystems · Privileged group membership or root access

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (18)

Core 18

Core References

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8039

Various Sources x_refsource_confirm

http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.19

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/0509

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2009-1243.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/48872

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://osvdb.org/52202

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/usn-751-1

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/507985/100/0/threaded

Patch x_refsource_confirm

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e6b8bc09ba2075cd91fbffefcd2778b1a00bd76f

Various Sources x_refsource_confirm

http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.7

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/37471

Vendor Advisory x_refsource_confirm

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2009/dsa-1749

Issue Tracking x_refsource_confirm

http://bugzilla.kernel.org/show_bug.cgi?id=12430

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/36562

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/34394

Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10342

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/3316

Scores

EPSS 0.0027

EPSS Percentile 50.2%

Details

CWE

CWE-20

Status published

Products (26)

linux/linux_kernel 2.6.27

linux/linux_kernel 2.6.27.1

linux/linux_kernel 2.6.27.2

linux/linux_kernel 2.6.27.3

linux/linux_kernel 2.6.27.4

linux/linux_kernel 2.6.27.5

linux/linux_kernel 2.6.27.6

linux/linux_kernel 2.6.27.7

linux/linux_kernel 2.6.27.8

linux/linux_kernel 2.6.27.9

... and 16 more

Published Feb 27, 2009

Tracked Since Feb 18, 2026