CVE-2009-2848

2009-08-1821:00:00

CWE-269

[email protected]

web.nvd.nist.gov

linux kernel

2.6.30-rc6

privilege escalation

clone system call

cve-2009-2848

nvd

5.3 Medium

AI Score

Confidence

High

5.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:P/I:P/A:C

0.001 Low

EPSS

Percentile

18.9%

JSON

The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit.

CPENameOperatorVersion
linux:linux_kernellinux linux kerneleq2.6.30
linux:linux_kernellinux linux kernelle2.6.29.5
suse:linux_enterprise_serversuse linux enterprise servereq9
novell:linux_desktopnovell linux desktopeq9
opensuse:opensuseopensuseeq11.0
suse:linux_enterprise_serversuse linux enterprise servereq10
suse:linux_enterprise_desktopsuse linux enterprise desktopeq10
fedoraproject:fedorafedoraproject fedoraeq11
canonical:ubuntu_linuxcanonical ubuntu linuxeq9.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq8.10

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	eq	2.6.30
linux:linux_kernel	linux linux kernel	le	2.6.29.5
suse:linux_enterprise_server	suse linux enterprise server	eq	9
novell:linux_desktop	novell linux desktop	eq	9
opensuse:opensuse	opensuse	eq	11.0
suse:linux_enterprise_server	suse linux enterprise server	eq	10
suse:linux_enterprise_desktop	suse linux enterprise desktop	eq	10
fedoraproject:fedora	fedoraproject fedora	eq	11
canonical:ubuntu_linux	canonical ubuntu linux	eq	9.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	8.10