[VIM] CVE-2006-5158 (NFS lockd in Linux) - more than SUSE

Steven M. Christey coley at mitre.org
Tue Oct 10 14:17:53 EDT 2006

FYI, this was originally thought to be SUSE-specific based on CVE's
interpretation of SUSE's advisory text, but we were just notified that
this affects the kernel itself, so other distros may be affected as

This was not originally presented as an attacker-controllable DoS,
which is why the original post/patch dates are so old.

The current CVE desc tries to resolve why SuSE said "deadlock" from
the "oops" in the patch, but it's a bit of a guess.

- Steve

Name: CVE-2006-5158
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5158
Reference: MLIST:[linux-kernel] 20051216 lockd: couldn't create RPC handle for (host)
Reference: URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=113476665626446&w=2
Reference: MLIST:[linux-kernel] 20051218 Re: lockd: couldn't create RPC handle for (host)
Reference: URL:http://marc.theaimsgroup.com/?l=linux-kernel&m=113494474208973&w=2
Reference: CONFIRM:http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=9b5b1f5bf9dcdb6f23abf65977a675eb4deba3c0
Reference: SUSE:SUSE-SA:2006:057
Reference: URL:http://www.novell.com/linux/security/advisories/2006_57_kernel.html

The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel
before 2.6.16 allows remote attackers to cause a denial of service
(process crash) and deny access to NFS exports via unspecified vectors
that trigger a kernel oops (null dereference) and a deadlock.
