Lucene search

[email protected]CVE-2009-2584

HistoryJul 23, 2009 - 8:30 p.m.

CVE-2009-2584

2009-07-2320:30:00

CWE-189

[email protected]

web.nvd.nist.gov

cve

2009

sgi

gru

linux kernel

buffer overflow

memory overwrite

privilege escalation

6.8 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

9.0%

JSON

Off-by-one error in the options_write function in drivers/misc/sgi-gru/gruprocfs.c in the SGI GRU driver in the Linux kernel 2.6.30.2 and earlier on ia64 and x86 platforms might allow local users to overwrite arbitrary memory locations and gain privileges via a crafted count argument, which triggers a stack-based buffer overflow.

CPENameOperatorVersion
linux:linux_kernellinux linux kernelle2.6.30.2

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	le	2.6.30.2

References

grsecurity.net/~spender/exploit_demo.c

lkml.org/lkml/2009/7/20/348

lkml.org/lkml/2009/7/20/362

secunia.com/advisories/37105

www.securityfocus.com/bid/35753

www.ubuntu.com/usn/USN-852-1

xorl.wordpress.com/2009/07/21/linux-kernel-sgi-gru-driver-off-by-one-overwrite/

exchange.xforce.ibmcloud.com/vulnerabilities/51887

Social References

6.8 Medium

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for CVE-2009-2584

prion1 ubuntucve1 openvas1 nessus1 ubuntu1