CVE-2009-1961

MEDIUM

Linux Kernel < 2.6.19 - Denial of Service via Inode Double Locking Deadlock

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-1961. PoCs published by Miklos Szeredi.

AI-analyzed exploit summary This exploit triggers a local denial-of-service vulnerability in the Linux kernel by using the splice system call on a pipe and a file descriptor, causing the process to hang. The issue affects kernels from 2.6.19 up to fixed versions 2.6.30-rc3, 2.6.27.24, and 2.6.29.4.

Description

The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before 2.6.29.4, and possibly other versions down to 2.6.19 allows local users to cause a denial of service (prevention of file creation and removal) via a series of splice system calls that trigger a deadlock between the generic_file_splice_write, splice_from_pipe, and ocfs2_file_splice_write functions.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Miklos Szeredi · cdoslinux
https://www.exploit-db.com/exploits/33015

This exploit triggers a local denial-of-service vulnerability in the Linux kernel by using the splice system call on a pipe and a file descriptor, causing the process to hang. The issue affects kernels from 2.6.19 up to fixed versions 2.6.30-rc3, 2.6.27.24, and 2.6.29.4.

Classification
Working Poc 90%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Linux Kernel 2.6.19 to 2.6.29.3
No auth needed
Prerequisites: Local access to the system · Ability to execute arbitrary code
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (20)

Core 20
Core References
Broken Link vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:148
Broken Link vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-1157.html
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35390
Broken Link vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:135
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35656
Mailing List, Patch vendor-advisory x_refsource_debian
http://www.debian.org/security/2009/dsa-1844
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1022307
Exploit, Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2009/06/02/2
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36051
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-793-1
Exploit, Mailing List, Patch mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2009/05/30/1
Broken Link, Exploit, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/35143
Exploit, Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2009/06/03/1
Mailing List, Patch mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2009/05/29/2
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35394
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35847

Scores

CVSS v3 4.7
EPSS 0.0059
EPSS Percentile 43.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-667
Status published
Products (12)
canonical/ubuntu_linux 6.06
canonical/ubuntu_linux 8.04
canonical/ubuntu_linux 8.10
canonical/ubuntu_linux 9.04
debian/debian_linux 4.0
linux/linux_kernel 2.6.30 rc1 (2 CPE variants)
linux/linux_kernel < 2.6.19
opensuse/opensuse 10.3
opensuse/opensuse 11.1
suse/linux_enterprise 11.0
... and 2 more
Published Jun 08, 2009
Tracked Since Feb 18, 2026