CVE-2009-1072

medium

VMware

CVSS v3 Base Score

4.9

AV:L/AC:L/Au:N/C:N/I:C/A:N

EPSS Score

0.6%

Exploitation probability in 30 days

Top 31% most likely to be exploited

Attack Characteristics

Attack Vector

Local

Attack Complexity

Low

Confidentiality

None

Integrity

Availability

None

Published: March 25, 2009 (6259 days ago)

Last Modified: April 23, 2026

Vendor: VMware

Source: NVD

Description

nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.

CWE

CWE-16

Affected Products

linux linux kernelopensuse opensusesuse linux enterprise desktopsuse linux enterprise serverdebian debian linuxcanonical ubuntu linuxvmware vcenter servervmware virtualcentervmware servervmware esx

References

🔗 git.kernel.org 🔗 lists.opensuse.org 🔗 lists.opensuse.org 🔗 lists.opensuse.org 🔗 lists.opensuse.org

CVE-2009-1072

Vulnerability Report

Description

CWE

Affected Products

References