Lucene search

K
cveMitreCVE-2009-2848
HistoryAug 18, 2009 - 9:00 p.m.

CVE-2009-2848

2009-08-1821:00:00
CWE-269
mitre
web.nvd.nist.gov
88
3
linux kernel
2.6.30-rc6
privilege escalation
clone system call
cve-2009-2848
nvd

CVSS2

5.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:P/I:P/A:C

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

20.3%

The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit.

Affected configurations

Nvd
Node
linuxlinux_kernelRange2.6.29.5
OR
linuxlinux_kernelMatch2.6.30-
OR
linuxlinux_kernelMatch2.6.30rc1
OR
linuxlinux_kernelMatch2.6.30rc2
OR
linuxlinux_kernelMatch2.6.30rc3
OR
linuxlinux_kernelMatch2.6.30rc4
OR
linuxlinux_kernelMatch2.6.30rc5
OR
linuxlinux_kernelMatch2.6.30rc6
Node
novelllinux_desktopMatch9
OR
opensuseopensuseMatch11.0
OR
suselinux_enterprise_desktopMatch10sp2
OR
suselinux_enterprise_serverMatch9
OR
suselinux_enterprise_serverMatch10sp2
Node
fedoraprojectfedoraMatch11
Node
canonicalubuntu_linuxMatch6.06
OR
canonicalubuntu_linuxMatch8.04
OR
canonicalubuntu_linuxMatch8.10
OR
canonicalubuntu_linuxMatch9.04
Node
redhatenterprise_linux_desktopMatch3.0
OR
redhatenterprise_linux_desktopMatch5.0
OR
redhatenterprise_linux_serverMatch3.0
OR
redhatenterprise_linux_serverMatch5.0
OR
redhatenterprise_linux_workstationMatch3.0
OR
redhatenterprise_linux_workstationMatch5.0
Node
vmwareesxMatch4.0
Node
vmwarevmaMatch4.0
AND
redhatenterprise_linuxMatch5.0
VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel2.6.30cpe:2.3:o:linux:linux_kernel:2.6.30:-:*:*:*:*:*:*
linuxlinux_kernel2.6.30cpe:2.3:o:linux:linux_kernel:2.6.30:rc1:*:*:*:*:*:*
linuxlinux_kernel2.6.30cpe:2.3:o:linux:linux_kernel:2.6.30:rc2:*:*:*:*:*:*
linuxlinux_kernel2.6.30cpe:2.3:o:linux:linux_kernel:2.6.30:rc3:*:*:*:*:*:*
linuxlinux_kernel2.6.30cpe:2.3:o:linux:linux_kernel:2.6.30:rc4:*:*:*:*:*:*
linuxlinux_kernel2.6.30cpe:2.3:o:linux:linux_kernel:2.6.30:rc5:*:*:*:*:*:*
linuxlinux_kernel2.6.30cpe:2.3:o:linux:linux_kernel:2.6.30:rc6:*:*:*:*:*:*
novelllinux_desktop9cpe:2.3:o:novell:linux_desktop:9:*:*:*:*:*:*:*
opensuseopensuse11.0cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
Rows per page:
1-10 of 271

References

Social References

More

CVSS2

5.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:P/I:P/A:C

AI Score

6.2

Confidence

High

EPSS

0.001

Percentile

20.3%