Medium severity5.5NVD Advisory· Published Mar 18, 2009· Updated Apr 23, 2026

CVE-2009-0935

Description

The inotify_read function in the Linux kernel 2.6.27 to 2.6.27.13, 2.6.28 to 2.6.28.2, and 2.6.29-rc3 allows local users to cause a denial of service (OOPS) via a read with an invalid address to an inotify instance, which causes the device's event list mutex to be unlocked twice and prevents proper synchronization of a data structure for the inotify instance.

Affected products

Linux/Kernel2 versions
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=2.6.27,<=2.6.27.13
- cpe:2.3:o:linux:linux_kernel:2.6.29:rc3:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

marc.infonvdMailing ListPatch
www.openwall.com/lists/oss-security/2009/03/06/2nvdMailing ListPatch
www.securityfocus.com/bid/33624nvdBroken LinkPatchThird Party AdvisoryVDB Entry
bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatch
exchange.xforce.ibmcloud.com/vulnerabilities/49331nvdThird Party AdvisoryVDB Entry
www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.3nvdBroken Link
www.openwall.com/lists/oss-security/2009/03/18/5nvdMailing List
www.openwall.com/lists/oss-security/2009/03/19/2nvdMailing List

News mentions

No linked articles in our index yet.

cvss	0.358
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000