kernel panics in nfs4_proc_lock() - CVE-2009-3726.

Solution Unverified - Updated -

Issue

  • System crashes with following panic message:

    Unable to handle kernel NULL pointer dereference at 0000000000000030 RIP:
 [<ffffffff8837b210>] :nfs:nfs4_proc_lock+0x21f/0x3ad
PGD 1026eec067 PUD 1026f2f067 PMD 0
Oops: 0000 [1] SMP
last sysfs file: /block/dm-1/range
CPU 0
Modules linked in: ipmi_devintf ipmi_si ipmi_msghandler nfs lockd fscache
nfs_acl sunrpc bonding ipv6 xfrm_nalgo crypto_api video hwmon backlight sbs
i2c_ec button battery asus_acpi acpi_memhotplug ac joydev sg shpchp i2c_nforce2
i2c_core forcedeth dm_snapshot dm_zero dm_mod sata_nv libata mptsas mptscsih
mptbase scsi_transport_sas sd_mod scsi_mod ext3 jbd uhci_hcd ohci_hcd ehci_hcd
Pid: 4070, comm: XMLMissingField Not tainted 2.6.18-164.2.1.el5 #1
RIP: 0010:[<ffffffff8837b210>]  [<ffffffff8837b210>]
:nfs:nfs4_proc_lock+0x21f/0x3ad

Environment

  • Red Hat Enterprise Linux 4 and 5

  • MRG 1.1

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content