CVE-2009-2692
Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 14/08/2009
Last modified: 09/04/2025
Description
The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.
Impact
Base Score 3.x: 7.80
Severity 3.x: HIGH
Base Score 2.0: 7.20
Severity 2.0: HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 2.4.4 (including) | 2.4.37.5 (excluding) |
| cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* | 2.6.0 (including) | 2.6.30.5 (excluding) |
| cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:* | | |
| cpe:2.3:o:suse:linux_enterprise_real_time:10:*:*:*:*:*:*:* | | |
| cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:* | | |
| cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:* | | |
| cpe:2.3:o:redhat:enterprise_linux_eus:4.8:*:*:*:*:*:*:* | | |
| cpe:2.3:o:redhat:enterprise_linux_eus:5.3:*:*:*:*:*:*:* | | |
| cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:* | | |
| cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:* | | |
| cpe:2.3:o:redhat:enterprise_linux_server_aus:5.3:*:*:*:*:*:*:* | | |
| cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:* | | |
| cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:* | | |
References to Advisories, Solutions, and Tools
- http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html
- http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html
- http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git%3Ba%3Dcommit%3Bh%3Dc18d0fe535a73b219f960d1af3d0c264555a12e3
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba%3Dcommit%3Bh%3De694958388c50148389b0e9b9e9e8945cf0f1b98
- http://grsecurity.net/~spender/wunderbar_emporium.tgz
- http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html
- http://rhn.redhat.com/errata/RHSA-2009-1222.html
- http://rhn.redhat.com/errata/RHSA-2009-1223.html
- http://secunia.com/advisories/36278
- http://secunia.com/advisories/36289
- http://secunia.com/advisories/36327
- http://secunia.com/advisories/36430
- http://secunia.com/advisories/37298
- http://secunia.com/advisories/37471
- http://support.avaya.com/css/P8/documents/100067254
- http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0121
- http://www.debian.org/security/2009/dsa-1865
- http://www.exploit-db.com/exploits/19933
- http://www.exploit-db.com/exploits/9477
- http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.5
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5
- http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc6
- http://www.mandriva.com/security/advisories?name=MDVSA-2009%3A233
- http://www.openwall.com/lists/oss-security/2009/08/14/1
- http://www.redhat.com/support/errata/RHSA-2009-1233.html
- http://www.securityfocus.com/archive/1/505751/100/0/threaded
- http://www.securityfocus.com/archive/1/505912/100/0/threaded
- http://www.securityfocus.com/archive/1/507985/100/0/threaded
- http://www.securityfocus.com/archive/1/512019/100/0/threaded
- http://www.securityfocus.com/bid/36038
- http://www.vmware.com/security/advisories/VMSA-2009-0016.html
- http://www.vupen.com/english/advisories/2009/2272
- http://www.vupen.com/english/advisories/2009/3316
- http://zenthought.org/content/file/android-root-2009-08-16-source
- https://bugzilla.redhat.com/show_bug.cgi?id=516949
- https://issues.rpath.com/browse/RPL-3103
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11526
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11591
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8657



