Lucene search

K
cveRedhatCVE-2009-1897
HistoryJul 20, 2009 - 5:30 p.m.

CVE-2009-1897

2009-07-2017:30:54
CWE-119
redhat
web.nvd.nist.gov
47
linux kernel
2.6.30
2.6.30.1
privilege escalation
null pointer
dereference
tun subsystem
cve-2009-1897

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.1

Confidence

High

EPSS

0

Percentile

0.4%

The tun_chr_poll function in drivers/net/tun.c in the tun subsystem in the Linux kernel 2.6.30 and 2.6.30.1, when the -fno-delete-null-pointer-checks gcc option is omitted, allows local users to gain privileges via vectors involving a NULL pointer dereference and an mmap of /dev/net/tun, a different vulnerability than CVE-2009-1894.

Affected configurations

Nvd
Node
linuxlinux_kernelMatch2.6.30
OR
linuxlinux_kernelMatch2.6.30rc1
OR
linuxlinux_kernelMatch2.6.30rc2
OR
linuxlinux_kernelMatch2.6.30rc3
OR
linuxlinux_kernelMatch2.6.30rc4x86_32
OR
linuxlinux_kernelMatch2.6.30rc5
OR
linuxlinux_kernelMatch2.6.30rc6
OR
linuxlinux_kernelMatch2.6.30rc7-git6
OR
linuxlinux_kernelMatch2.6.30.1
VendorProductVersionCPE
linuxlinux_kernel2.6.30cpe:2.3:o:linux:linux_kernel:2.6.30:*:*:*:*:*:*:*
linuxlinux_kernel2.6.30cpe:2.3:o:linux:linux_kernel:2.6.30:rc1:*:*:*:*:*:*
linuxlinux_kernel2.6.30cpe:2.3:o:linux:linux_kernel:2.6.30:rc2:*:*:*:*:*:*
linuxlinux_kernel2.6.30cpe:2.3:o:linux:linux_kernel:2.6.30:rc3:*:*:*:*:*:*
linuxlinux_kernel2.6.30cpe:2.3:o:linux:linux_kernel:2.6.30:rc4:x86_32:*:*:*:*:*
linuxlinux_kernel2.6.30cpe:2.3:o:linux:linux_kernel:2.6.30:rc5:*:*:*:*:*:*
linuxlinux_kernel2.6.30cpe:2.3:o:linux:linux_kernel:2.6.30:rc6:*:*:*:*:*:*
linuxlinux_kernel2.6.30cpe:2.3:o:linux:linux_kernel:2.6.30:rc7-git6:*:*:*:*:*:*
linuxlinux_kernel2.6.30.1cpe:2.3:o:linux:linux_kernel:2.6.30.1:*:*:*:*:*:*:*

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.1

Confidence

High

EPSS

0

Percentile

0.4%