Linux NULL pointer dereference vulnerability - CVE-2009-2692


**Note**: Versions that are not listed in this article have not been evaluated for vulnerability to this security advisory. For information about the F5 security policy regarding evaluating older and unsupported versions of F5 products, refer to [K4602: Overview of F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>). **F5 products and versions that have been evaluated for this Security Advisory** Product| Affected| Not Affected ---|---|--- BIG-IP LTM| None| 9.x 10.x 11.x BIG-IP GTM| None| 9.x 10.x 11.x BIG-IP ASM| None | 9.x 10.x 11.x BIG-IP Link Controller| None | 9.x 10.x 11.x BIG-IP WebAccelerator| None | 9.x 10.x 11.x BIG-IP PSM| None | 9.x 10.x 11.x BIG-IP WAN Optimization| None | 10.x 11.x BIG-IP APM| None | 10.x 11.x BIG-IP Edge Gateway| None | 10.x 11.x BIG-IP Analytics| None| 11.x BIG-IP AFM| None| 11.x BIG-IP PEM| None| 11.x BIG-IP AAM| None| 11.x FirePass| None| 5.x 6.x 7.x Enterprise Manager| None| 1.x 2.x 3.x ARX| None | 2.x 3.x 4.x 5.x 6.x The Linux kernel 2.6.0 through, and 2.4.4 through, do not initialize all function pointers for socket operations in proto_ops structures. As a result, local users may be allowed to trigger a NULL pointer dereference. Information about this advisory is available at the following location: <https://vulners.com/cve/CVE-2009-2692> **Note**: As a result of a typo, this advisory was also referred to as CVE-2009-2962. Be advised that CVE-2009-2962 was removed as a duplicate of CVE-2009-2692. For information, refer to [https://vulners.com/cve/CVE-2009-2962](<https://vulners.com/cve/CVE-2009-2962>). This link takes you to a resource outside of AskF5, and it is possible that the information may be removed without our knowledge.