Unrated severityNVD Advisory· Published Sep 22, 2009· Updated Jun 16, 2026

CVE-2009-3286

Description

NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an O_EXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privileges, related to the execution of the do_open_permission function even when a create fails.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Linux/Kernel
cpe:2.3:o:linux:linux_kernel:2.6.18:*:*:*:*:*:*:*
Linux/Linux kernelllm-fuzzy
Range: 2.6.18

Patches

Vulnerability mechanics

References

secunia.com/advisories/37105nvdVendor Advisory
secunia.com/advisories/38794nvdVendor Advisory
secunia.com/advisories/38834nvdVendor Advisory
www.vupen.com/english/advisories/2010/0528nvdVendor Advisory
git.kernel.orgnvd
lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.htmlnvd
lists.vmware.com/pipermail/security-announce/2010/000082.htmlnvd
www.openwall.com/lists/oss-security/2009/09/21/2nvd
www.ubuntu.com/usn/USN-852-1nvd
bugzilla.redhat.com/show_bug.cginvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7527nvd
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9757nvd
rhn.redhat.com/errata/RHSA-2009-1548.htmlnvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000