nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash option.
Conclusion & alert: CVE-2009-1072 is rated Low Risk (31.3/100): CVSS Medium severity, with low exploitation likelihood (EPSS 0.43%). Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
| # | Date | Old EPSS score | New EPSS score | Delta (New - Old) |
|---|---|---|---|---|
| 1 | 2026-06-15 | 0.59% | 0.43% | -0.16% |
| 2 | 2025-12-08 | 0.80% | 0.59% | -0.21% |
| 3 | 2025-03-30 | — | 0.80% | — |
Full EPSS history (10 records total)
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 4.9 | 2.0 | MEDIUM |
|
3.9 | 6.9 | [email protected] |
| vendor | priority | summary | link |
|---|---|---|---|
redhat
|
medium | — | https://access.redhat.com/security/cve/CVE-2009-1072 |
ubuntu
|
medium | CVE-2009-1072 medium priority: Ubuntu including 3 source packages (linux, linux-source-2.6.15, linux-source-2.6.22), 18 status rows across 6 suites (dapper, gutsy, hardy, intrepid, jaunty, upstream): DNE 10, released 4, needs-triage 3, ignored 1. | https://ubuntu.com/security/CVE-2009-1072 |
This issue has been rated as having moderate security impact. It was addressed in Red Hat Enterprise Linux 4, 5, and Red Hat Enterprise MRG, via https://rhn.redhat.com/errata/RHSA-2009-1132.html , https://rhn.redhat.com/errata/RHSA-2009-1106.html , and https://rhn.redhat.com/errata/RHSA-2009-1081.html . This issue is not planned to be fixed in Red Hat Enterprise Linux 2.1 and 3, due to these products being in Production 3 of their maintenance life-cycles, where only qualified security errata of important or critical impact are addressed. For further information about Errata Support Policy, visit: http://www.redhat.com/security/updates/errata/ .
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| linux | linux_kernel | < 2.6.28.9 | cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* |
| opensuse | opensuse | 10.3 | cpe:2.3:o:opensuse:opensuse:10.3:*:*:*:*:*:*:* |
| opensuse | opensuse | 11.0 | cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:* |
| opensuse | opensuse | 11.1 | cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:* |
| suse | linux_enterprise_desktop | 10 | cpe:2.3:o:suse:linux_enterprise_desktop:10:sp2:*:*:*:*:*:* |
| suse | linux_enterprise_server | 10 | cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:* |
| debian | debian_linux | 4.0 | cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:* |
| debian | debian_linux | 5.0 | cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:* |
| canonical | ubuntu_linux | 6.06 | cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:* |
| canonical | ubuntu_linux | 8.04 | cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:* |
| canonical | ubuntu_linux | 8.10 | cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:* |
| canonical | ubuntu_linux | 9.04 | cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:* |
| vmware | vcenter_server | 4.0 | cpe:2.3:a:vmware:vcenter_server:4.0:-:*:*:*:*:*:* |
| vmware | virtualcenter | 2.0.2 | cpe:2.3:a:vmware:virtualcenter:2.0.2:*:*:*:*:*:*:* |
| vmware | virtualcenter | 2.5 | cpe:2.3:a:vmware:virtualcenter:2.5:*:*:*:*:*:*:* |
| vmware | server | 2.0.0 | cpe:2.3:a:vmware:server:2.0.0:*:*:*:*:*:*:* |
| vmware | esx | 3.0.3 | cpe:2.3:o:vmware:esx:3.0.3:*:*:*:*:*:*:* |
| vmware | esx | 3.5 | cpe:2.3:o:vmware:esx:3.5:*:*:*:*:*:*:* |
| vmware | esx | 4.0 | cpe:2.3:o:vmware:esx:4.0:*:*:*:*:*:*:* |
| vmware | vma | 4.0 | cpe:2.3:a:vmware:vma:4.0:*:*:*:*:*:*:* |