CVE-2008-3915

critical

Description

Buffer overflow in nfsd in the Linux kernel before 2.6.26.4, when NFSv4 is enabled, allows remote attackers to have an unknown impact via vectors related to decoding an NFSv4 acl.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/45055

https://bugzilla.redhat.com/show_bug.cgi?id=461101

http://www.ubuntu.com/usn/usn-659-1

http://www.securityfocus.com/bid/31133

http://www.redhat.com/support/errata/RHSA-2008-0857.html

http://www.openwall.com/lists/oss-security/2008/09/04/4

http://www.openwall.com/lists/oss-security/2008/09/04/18

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26.4

http://www.debian.org/security/2008/dsa-1636

http://secunia.com/advisories/32393

http://secunia.com/advisories/32190

http://secunia.com/advisories/31881

http://lkml.org/lkml/2008/9/3/286

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=91b80969ba466ba4b915a4a1d03add8c297add3f

Details

Source: Mitre, NVD

Published: 2008-09-11

Updated: 2025-04-09

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.05797

Detections

Analytics