CVE-2009-0859
5.6 Medium
AI Score
Confidence
Low
4.7 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:N/I:N/A:C
0.0004 Low
EPSS
Percentile
9.3%
The shm_get_stat function in ipc/shm.c in the shm subsystem in the Linux kernel before 2.6.28.5, when CONFIG_SHMEM is disabled, misinterprets the data type of an inode, which allows local users to cause a denial of service (system hang) via an SHM_INFO shmctl call, as demonstrated by running the ipcs program.
| CPE | Name | Operator | Version |
|---|---|---|---|
| linux:linux_kernel | linux linux kernel | le | 2.6.28.4 |
References
git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a68e61e8ff2d46327a37b69056998b47745db6fa
kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.5
lists.opensuse.org/opensuse-security-announce/2009-05/msg00002.html
lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html
lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html
marc.info/?l=git-commits-head&m=123387479500599&w=2
marc.info/?l=linux-kernel&m=120428209704324&w=2
marc.info/?l=linux-kernel&m=123309645625549&w=2
openwall.com/lists/oss-security/2009/03/06/1
patchwork.kernel.org/patch/6554/
secunia.com/advisories/34981
secunia.com/advisories/35011
secunia.com/advisories/35121
secunia.com/advisories/35185
secunia.com/advisories/35390
secunia.com/advisories/35394
www.debian.org/security/2009/dsa-1787
www.debian.org/security/2009/dsa-1794
www.debian.org/security/2009/dsa-1800
www.securityfocus.com/bid/34020
www.ubuntu.com/usn/usn-751-1
exchange.xforce.ibmcloud.com/vulnerabilities/49229
Social References
More
Related
5.6 Medium
AI Score
Confidence
Low
4.7 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:N/I:N/A:C
0.0004 Low
EPSS
Percentile
9.3%