What is CVE-2009-3623?

CVE-2009-3623 is a High severity Linux kernel vulnerability with a CVSS score of 7.8 out of 10. CVE-2009-3623 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2009-3623?

CVE-2009-3623 has a CVSS score of 7.8 out of 10, rated High severity. The vector string is AV:N/AC:L/Au:N/C:N/I:N/A:C.

Is there a patch available for CVE-2009-3623?

No patch is currently available for CVE-2009-3623. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2009-3623 actively exploited?

CVE-2009-3623 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

CVE-2009-3623

High

The lookup_cb_cred function in fs/nfsd/nfs4callback.c in the nfsd4 subsystem in the Linux kernel before 2.6.31.2 attempts to access a credentials cache even when a client specifies the AUTH_NULL authentication flavor, which allows remote attackers to cause a denial of service (NULL pointer dereference and system crash) via an NFSv4 mount request.

Package Linux Kernel

Published 2009-10-30

Last modified 2026-04-23

CVSS version 2.0

Patch available

Awaiting data

CVSS 2.0 score

7.8

out of 10

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

User Interaction

Scope

Confidentiality

Low

Integrity

None

Availability

Vector string

AV:N/AC:L/Au:N/C:N/I:N/A:C

Weakness type

CWE-287

CVE-2009-3623 is classified as CWE-287

See CWE-287 on MITRE CWE for full details on this weakness type.

References

The following references provide additional information about CVE-2009-3623 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Marc
http://marc.info/?l=oss-security&m=125618753029631&w=2
Marc
http://marc.info/?l=oss-security&m=125624036516377&w=2
Kernel.org
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.2
Kernel.org
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc1
Ubuntu Security
http://www.ubuntu.com/usn/usn-864-1
Red Hat
https://bugzilla.redhat.com/show_bug.cgi?id=530269
Kernel patch commit
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=80fc015bdfe1f5b870c1e1ee02d78e709523fee7
Patch
Kernel patch commit
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=886e3b7fe6054230c89ae078a09565ed183ecc73
Patch

Details

CVE ID CVE-2009-3623

Severity High

CVSS score 7.8 / 10

CVSS version 2.0

Published 2009-10-30

Modified 2026-04-23

KEV No

Patch Awaiting data

Package linux

Frequently asked questions

What is CVE-2009-3623?

CVE-2009-3623 is a High severity Linux kernel vulnerability with a CVSS score of 7.8 out of 10 . CVE-2009-3623 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2009-3623?

CVE-2009-3623 has a CVSS score of 7.8 out of 10, rated High severity (CVSS 2.0). The vector string is AV:N/AC:L/Au:N/C:N/I:N/A:C.
Is there a patch available for CVE-2009-3623?

No patch is currently available for CVE-2009-3623. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
Is CVE-2009-3623 actively exploited?

No — CVE-2009-3623 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.