CVE-2009-3547 [High] | Denial of Service in Linux Kernel

CVE-2009-3547 is rated High Exploit Risk (77.8/100): CVSS High severity, with high exploitation likelihood (EPSS 4.93%, 91th percentile). 7 public exploit reference(s) are indexed (Exploit-DB). EPSS rose +2.92% over the last day, indicating growing attacker interest. Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

EDB-ID	Source	Kind	Published	Link
40812	exploit_db	edb	2013-12-16	Exploit-DB ↗
10018	exploit_db	edb	2009-11-12	Exploit-DB ↗
9844	exploit_db	edb	2009-11-05	Exploit-DB ↗
33322	exploit_db	edb	2009-11-03	Exploit-DB ↗
33321	exploit_db	edb	2009-11-03	Exploit-DB ↗
—	nvd_ref	exploit_tag		Exploit-DB ↗
—	nvd_ref	exploit_tag		Exploit-DB ↗

EDB-ID

Source

Kind

Published

Link

40812

exploit_db

edb

2013-12-16

Exploit-DB ↗

10018

exploit_db

edb

2009-11-12

Exploit-DB ↗

9844

exploit_db

edb

2009-11-05

Exploit-DB ↗

33322

exploit_db

edb

2009-11-03

Exploit-DB ↗

33321

exploit_db

edb

2009-11-03

Exploit-DB ↗

—

nvd_ref

exploit_tag

Exploit-DB ↗

—

nvd_ref

exploit_tag

Exploit-DB ↗

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-06-15	2.01%	4.93%	+2.92%
2	2026-06-08	3.15%	2.01%	-1.14%
3	2026-04-08	—	3.15%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-06-15

2.01%

4.93%

+2.92%

2026-06-08

3.15%

2.01%

-1.14%

2026-04-08

—

3.15%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
7.0	3.1	HIGH	`CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H` Click to expand Attack vector (AV:L) They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by. Attack complexity (AC:H) Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work. Privileges required (PR:L) A normal user session is enough; they don’t have to be admin. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:U) Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems. Confidentiality (C:H) Serious risk that confidential data gets exposed in a big way. Integrity (I:H) They could widely tamper with or forge data—trust in the data is badly hurt. Availability (A:H) Could take the service down hard or make it unusable for people who depend on it.	1.0	5.9	[email protected]
6.9	2.0	MEDIUM	`AV:L/AC:M/Au:N/C:C/I:C/A:C` Click to expand Access vector (AV:L) Requires local access to the target system. Access complexity (AC:M) Exploitation needs some favorable conditions, but not exceptional ones. Authentication (AU:N) No authentication is required. Confidentiality impact (C:C) Complete confidentiality impact. Integrity impact (I:C) Complete integrity impact. Availability impact (A:C) Complete availability impact.	3.4	10.0	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

7.0

3.1

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Click to expand

Attack vector (AV:L): They already need access on the box, or another person has to do something wrong; it’s not a remote drive-by.
Attack complexity (AC:H): Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work.
Privileges required (PR:L): A normal user session is enough; they don’t have to be admin.
User interaction (UI:N): Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U): Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H): Serious risk that confidential data gets exposed in a big way.
Integrity (I:H): They could widely tamper with or forge data—trust in the data is badly hurt.
Availability (A:H): Could take the service down hard or make it unusable for people who depend on it.

1.0

5.9

[email protected]

6.9

2.0

MEDIUM

AV:L/AC:M/Au:N/C:C/I:C/A:C Click to expand

Access vector (AV:L): Requires local access to the target system.
Access complexity (AC:M): Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:C): Complete confidentiality impact.
Integrity impact (I:C): Complete integrity impact.
Availability impact (A:C): Complete availability impact.

3.4

10.0

[email protected]

Weakness enumeration for CVE-2009-3547

OS Trackers for CVE-2009-3547

vendor	priority	summary	link
`redhat`	high	—	https://access.redhat.com/security/cve/CVE-2009-3547
`ubuntu`	medium	CVE-2009-3547 medium priority: Ubuntu including 2 source packages (linux, linux-source-2.6.15), 12 status rows across 6 suites (dapper, hardy, intrepid, jaunty, karmic, upstream): released 7, DNE 5.	https://ubuntu.com/security/CVE-2009-3547

Affected software / configurations for CVE-2009-3547

Vendor	Product	Version	Raw CPE
linux	linux_kernel	<= 2.6.31.14	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	2.6.32	cpe:2.3:o:linux:linux_kernel:2.6.32:-::::::
linux	linux_kernel	2.6.32	cpe:2.3:o:linux:linux_kernel:2.6.32:rc1::::::
linux	linux_kernel	2.6.32	cpe:2.3:o:linux:linux_kernel:2.6.32:rc2::::::
linux	linux_kernel	2.6.32	cpe:2.3:o:linux:linux_kernel:2.6.32:rc3::::::
linux	linux_kernel	2.6.32	cpe:2.3:o:linux:linux_kernel:2.6.32:rc4::::::
linux	linux_kernel	2.6.32	cpe:2.3:o:linux:linux_kernel:2.6.32:rc5::::::
novell	linux_desktop	9	cpe:2.3:o:novell:linux_desktop:9:::::::*
opensuse	opensuse	11.0	cpe:2.3:o:opensuse:opensuse:11.0:::::::*
opensuse	opensuse	11.2	cpe:2.3:o:opensuse:opensuse:11.2:::::::*
suse	suse_linux_enterprise_desktop	10	cpe:2.3:o:suse:suse_linux_enterprise_desktop:10:sp2::::::
suse	suse_linux_enterprise_server	10	cpe:2.3:o:suse:suse_linux_enterprise_server:10:sp2::::::
canonical	ubuntu_linux	6.06	cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*
canonical	ubuntu_linux	8.04	cpe:2.3:o:canonical:ubuntu_linux:8.04:::::::*
canonical	ubuntu_linux	8.10	cpe:2.3:o:canonical:ubuntu_linux:8.10:::::::*
canonical	ubuntu_linux	9.04	cpe:2.3:o:canonical:ubuntu_linux:9.04:::::::*
canonical	ubuntu_linux	9.10	cpe:2.3:o:canonical:ubuntu_linux:9.10:::::::*
fedoraproject	fedora	10	cpe:2.3:o:fedoraproject:fedora:10:::::::*
vmware	vma	4.0	cpe:2.3:a:vmware:vma:4.0:::::::*
vmware	esx	4.0	cpe:2.3:o:vmware:esx:4.0:::::::*
redhat	mrg_realtime	1.0	cpe:2.3:a:redhat:mrg_realtime:1.0:::::::*
redhat	enterprise_linux_desktop	3.0	cpe:2.3:o:redhat:enterprise_linux_desktop:3.0:::::::*
redhat	enterprise_linux_desktop	4.0	cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:::::::*
redhat	enterprise_linux_desktop	5.0	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
redhat	enterprise_linux_eus	4.8	cpe:2.3:o:redhat:enterprise_linux_eus:4.8:::::::*
redhat	enterprise_linux_eus	5.4	cpe:2.3:o:redhat:enterprise_linux_eus:5.4:::::::*
redhat	enterprise_linux_server	3.0	cpe:2.3:o:redhat:enterprise_linux_server:3.0:::::::*
redhat	enterprise_linux_server	4.0	cpe:2.3:o:redhat:enterprise_linux_server:4.0:::::::*
redhat	enterprise_linux_server	5.0	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
redhat	enterprise_linux_workstation	3.0	cpe:2.3:o:redhat:enterprise_linux_workstation:3.0:::::::*
redhat	enterprise_linux_workstation	4.0	cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:::::::*
redhat	enterprise_linux_workstation	5.0	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*

References for CVE-2009-3547

URL	Tags
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ad3960243e55320d74195fb85c975e0a8cc4466c	Broken Link
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html	Broken Link Mailing List Third Party Advisory
http://lists.vmware.com/pipermail/security-announce/2010/000082.html	Mailing List Third Party Advisory
http://lkml.org/lkml/2009/10/14/184	Exploit Mailing List
http://lkml.org/lkml/2009/10/21/42	Mailing List Patch
http://marc.info/?l=oss-security&m=125724568017045&w=2	Mailing List Third Party Advisory
http://secunia.com/advisories/37351	Broken Link
http://secunia.com/advisories/38017	Broken Link
http://secunia.com/advisories/38794	Broken Link
http://secunia.com/advisories/38834	Broken Link
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc6	Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2009:329	Broken Link
http://www.redhat.com/support/errata/RHSA-2009-1672.html	Broken Link
http://www.securityfocus.com/archive/1/512019/100/0/threaded	Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/36901	Broken Link Exploit Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-864-1	Third Party Advisory
http://www.vupen.com/english/advisories/2010/0528	Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=530490	Issue Tracking Patch Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11513	Broken Link Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7608	Broken Link Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9327	Broken Link Third Party Advisory
https://rhn.redhat.com/errata/RHSA-2009-1540.html	Third Party Advisory
https://rhn.redhat.com/errata/RHSA-2009-1541.html	Third Party Advisory
https://rhn.redhat.com/errata/RHSA-2009-1548.html	Third Party Advisory
https://rhn.redhat.com/errata/RHSA-2009-1550.html	Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html	Mailing List

URL

CVE-2009-3547

Public exploit references (Exploit-DB) for CVE-2009-3547

Exploit prediction scoring system (EPSS) score for CVE-2009-3547

Common vulnerability scoring system (CVSS) metrics for CVE-2009-3547

Weakness enumeration for CVE-2009-3547

OS Trackers for CVE-2009-3547

Affected software / configurations for CVE-2009-3547

References for CVE-2009-3547