CVE-2009-1630

Linux Kernel < 2.6.29.3 - Access Control

Title source: rule

Description

The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass permissions and execute files, as demonstrated by files on an NFSv4 fileserver.

References (32)

... and 12 more

Scores

EPSS 0.0011
EPSS Percentile 29.2%

Classification

CWE
CWE-264
Status draft

Affected Products (13)

linux/linux_kernel < 2.6.29.3
opensuse/opensuse
opensuse/opensuse
debian/debian_linux
debian/debian_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
vmware/esx
vmware/esx
vmware/esx
vmware/esx

Timeline

Published May 14, 2009
Tracked Since Feb 18, 2026