{
  "threat_severity" : "Important",
  "public_date" : "2008-10-22T00:00:00Z",
  "bugzilla" : {
    "description" : "kernel: nfsv4: kernel panic in nfs4_proc_lock()",
    "id" : "529227",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=529227"
  },
  "cvss" : {
    "cvss_base_score" : "7.2",
    "cvss_scoring_vector" : "AV:L/AC:L/Au:N/C:C/I:C/A:C",
    "status" : "verified"
  },
  "cwe" : "CWE-662->CWE-362->CWE-672->CWE-476",
  "details" : [ "The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel before 2.6.31-rc4 allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect file attributes, which trigger attempted use of an open file that lacks NFSv4 state." ],
  "statement" : "The Linux kernel as shipped with Red Hat Enterprise Linux 3 did not have support for NFSv4, and therefore is not affected by this issue. It was addressed in Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2010-0474.html, https://rhn.redhat.com/errata/RHSA-2009-1670.html and https://rhn.redhat.com/errata/RHSA-2009-1635.html respectively.",
  "acknowledgement" : "Red Hat would like to thank Simon Vallet for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "MRG for RHEL-5",
    "release_date" : "2009-12-03T00:00:00Z",
    "advisory" : "RHSA-2009:1635",
    "cpe" : "cpe:/a:redhat:enterprise_mrg:1::el5",
    "package" : "kernel-rt-0:2.6.24.7-139.el5rt"
  }, {
    "product_name" : "Red Hat Enterprise Linux 4",
    "release_date" : "2010-06-15T00:00:00Z",
    "advisory" : "RHSA-2010:0474",
    "cpe" : "cpe:/o:redhat:enterprise_linux:4",
    "package" : "kernel-0:2.6.9-89.0.26.EL"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2009-12-15T00:00:00Z",
    "advisory" : "RHSA-2009:1670",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "kernel-0:2.6.18-164.9.1.el5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2009-3726\nhttps://nvd.nist.gov/vuln/detail/CVE-2009-3726" ],
  "name" : "CVE-2009-3726",
  "csaw" : false
}