CVE-2009-3726

Name: CVE-2009-3726
Creator: NVD / NIST
Published: 2009-11-09T19:30:00.36+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 12.00%

Last modified Jun 16, 2026

CVE-2009-3726 is a vulnerability of currently unknown severity. The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel before 2.6.31-rc4 allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect file attributes, which trigger attempted use of an open file that lacks NFSv4 state.. EPSS estimates a 12.00% chance of exploitation in the next 30 days.

Description

The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel before 2.6.31-rc4 allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect file attributes, which trigger attempted use of an open file that lacks NFSv4 state.

Metrics

EPSS Probability

12.00%

95.6th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-399

Affected Software

Vendor	Product	Versions	Update
Linux	Linux Kernel	<= 2.6.31	Rc3
Linux	Linux Kernel	2.2.27	—
Linux	Linux Kernel	2.4.1	—
Linux	Linux Kernel	2.4.2	—
Linux	Linux Kernel	2.4.3	—
Linux	Linux Kernel	2.4.4	—
Linux	Linux Kernel	2.4.5	—
Linux	Linux Kernel	2.4.6	—
Linux	Linux Kernel	2.4.7	—
Linux	Linux Kernel	2.4.8	—
Linux	Linux Kernel	2.4.9	—
Linux	Linux Kernel	2.4.10	—
Linux	Linux Kernel	2.4.11	—
Linux	Linux Kernel	2.4.12	—
Linux	Linux Kernel	2.4.13	—
Linux	Linux Kernel	2.4.14	—
Linux	Linux Kernel	2.4.15	—
Linux	Linux Kernel	2.4.16	—
Linux	Linux Kernel	2.4.17	—
Linux	Linux Kernel	2.4.18	—
Linux	Linux Kernel	2.4.19	—
Linux	Linux Kernel	2.4.20	—
Linux	Linux Kernel	2.4.21	—
Linux	Linux Kernel	2.4.22	—
Linux	Linux Kernel	2.4.23	—
Linux	Linux Kernel	2.4.24	—
Linux	Linux Kernel	2.4.25	—
Linux	Linux Kernel	2.4.26	—
Linux	Linux Kernel	2.4.27	—
Linux	Linux Kernel	2.4.28	—
Linux	Linux Kernel	2.4.29	—
Linux	Linux Kernel	2.4.30	—
Linux	Linux Kernel	2.4.31	—
Linux	Linux Kernel	2.4.32	—
Linux	Linux Kernel	2.4.33	—
Linux	Linux Kernel	2.4.34.3	—
Linux	Linux Kernel	2.4.34.4	—
Linux	Linux Kernel	2.4.34.5	—
Linux	Linux Kernel	2.4.34.6	—
Linux	Linux Kernel	2.4.35.1	—
Linux	Linux Kernel	2.4.35.2	—
Linux	Linux Kernel	2.4.35.3	—
Linux	Linux Kernel	2.4.35.4	—
Linux	Linux Kernel	2.4.35.5	—
Linux	Linux Kernel	2.4.36	—
Linux	Linux Kernel	2.4.36.1	—
Linux	Linux Kernel	2.4.36.2	—
Linux	Linux Kernel	2.4.36.3	—
Linux	Linux Kernel	2.4.36.4	—
Linux	Linux Kernel	2.4.36.5	—

Showing 50 of 342 affected configurations. See NVD for the full list.

References

Timeline

Published: Nov 9, 2009
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2009-3726?

How severe is CVE-2009-3726?

Severity scoring for CVE-2009-3726 is pending analysis. The EPSS model estimates a 12.00% probability of exploitation in the next 30 days.

How do I fix CVE-2009-3726?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2009-3726?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST