CVE-2009-0029
6.2 Medium
AI Score
Confidence
High
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
9.3%
The ABI in the Linux kernel 2.6.28 and earlier on s390, powerpc, sparc64, and mips 64-bit platforms requires that a 32-bit argument in a 64-bit register was properly sign extended when sent from a user-mode application, but cannot verify this, which allows local users to cause a denial of service (crash) or possibly gain privileges via a crafted system call.
References
lists.opensuse.org/opensuse-security-announce/2009-02/msg00003.html
marc.info/?l=linux-kernel&m=123155111608910&w=2
secunia.com/advisories/33477
secunia.com/advisories/33674
secunia.com/advisories/34394
secunia.com/advisories/34981
secunia.com/advisories/35011
www.debian.org/security/2009/dsa-1749
www.debian.org/security/2009/dsa-1787
www.debian.org/security/2009/dsa-1794
www.mandriva.com/security/advisories?name=MDVSA-2009:135
www.securityfocus.com/bid/33275
bugzilla.redhat.com/show_bug.cgi?id=479969
www.redhat.com/archives/fedora-package-announce/2009-January/msg01045.html
Social References
More
Related
6.2 Medium
AI Score
Confidence
High
7.2 High
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
9.3%