CVE-2009-4131 — Vulnetix

Try Vulnetix Request Demo

CVE-2009-4131 PUBLISHED CVSS 7.199999809265137 HIGH

The EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ext4 filesystem in the Linux kernel before 2.6.32-git6 allows local users to overwrite arbitrary files via a crafted request, related to insufficient checks for file permissions.

EPSS 0.08% · 24.4th percentile

Risk Scores

CVSS v2.0

7.199999809265137

EPSS Score

0.08%

24.4th percentile

Affected Products

Vendor	Product	Versions
linux	linux_kernel	2.6.32, 0, 0
n/a	n/a	n/a

Timeline

Nov 9, 2009 PoC Published
Dec 13, 2009 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score

References

https://bugzilla.redhat.com/show_bug.cgi?id=544471 url
[linux-kernel] 20091209 [GIT PULL] ext4 updates for v2.6.33 mailing-list
http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.32-git6.log url
http://git.kernel.org/?p=linux/kernel/git/tytso/ext4.git%3Ba=commit%3Bh=4a58579b9e4e2a35d57e6c9c8483e52f6f1b7fd6 url
SUSE-SA:2010:001 vendor-advisory
MDVSA-2009:329 vendor-advisory
USN-869-1 vendor-advisory
37686 third-party-advisory
37658 third-party-advisory
ADV-2009-3468 vdb
http://www.theregister.co.uk/2009/12/11/linux_kernel_bugs_patched/ url
FEDORA-2009-13039 vendor-advisory
38017 third-party-advisory
37277 vdb
https://nvd.nist.gov/vuln/detail/CVE-2009-4131 advisory
https://access.redhat.com/security/cve/CVE-2009-4131 url
http://git.kernel.org/?p=linux/kernel/git/tytso/ext4.git;a=commit;h=4a58579b9e4e2a35d57e6c9c8483e52f6f1b7fd6 url
http://www.theregister.co.uk/2009/12/11/linux_kernel_bugs_patched url

Open in Interactive Console →