Lucene search

[email protected]NVD:CVE-2009-2848

HistoryAug 18, 2009 - 9:00 p.m.

CVE-2009-2848

2009-08-1821:00:00

CWE-269

[email protected]

web.nvd.nist.gov

CVSS2

5.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:P/I:P/A:C

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

20.3%

JSON

The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit.

Affected configurations

Nvd

Node

linuxlinux_kernelRange≤2.6.29.5

linuxlinux_kernelMatch2.6.30-

linuxlinux_kernelMatch2.6.30rc1

linuxlinux_kernelMatch2.6.30rc2

linuxlinux_kernelMatch2.6.30rc3

linuxlinux_kernelMatch2.6.30rc4

linuxlinux_kernelMatch2.6.30rc5

linuxlinux_kernelMatch2.6.30rc6

Node

novelllinux_desktopMatch9

opensuseopensuseMatch11.0

suselinux_enterprise_desktopMatch10sp2

suselinux_enterprise_serverMatch9

suselinux_enterprise_serverMatch10sp2

Node

fedoraprojectfedoraMatch11

Node

canonicalubuntu_linuxMatch6.06

canonicalubuntu_linuxMatch8.04

canonicalubuntu_linuxMatch8.10

canonicalubuntu_linuxMatch9.04

Node

redhatenterprise_linux_desktopMatch3.0

redhatenterprise_linux_desktopMatch5.0

redhatenterprise_linux_serverMatch3.0

redhatenterprise_linux_serverMatch5.0

redhatenterprise_linux_workstationMatch3.0

redhatenterprise_linux_workstationMatch5.0

Node

vmwareesxMatch4.0

Node

vmwarevmaMatch4.0

AND

redhatenterprise_linuxMatch5.0

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
linuxlinux_kernel2.6.30cpe:2.3:o:linux:linux_kernel:2.6.30:-:*:*:*:*:*:*
linuxlinux_kernel2.6.30cpe:2.3:o:linux:linux_kernel:2.6.30:rc1:*:*:*:*:*:*
linuxlinux_kernel2.6.30cpe:2.3:o:linux:linux_kernel:2.6.30:rc2:*:*:*:*:*:*
linuxlinux_kernel2.6.30cpe:2.3:o:linux:linux_kernel:2.6.30:rc3:*:*:*:*:*:*
linuxlinux_kernel2.6.30cpe:2.3:o:linux:linux_kernel:2.6.30:rc4:*:*:*:*:*:*
linuxlinux_kernel2.6.30cpe:2.3:o:linux:linux_kernel:2.6.30:rc5:*:*:*:*:*:*
linuxlinux_kernel2.6.30cpe:2.3:o:linux:linux_kernel:2.6.30:rc6:*:*:*:*:*:*
novelllinux_desktop9cpe:2.3:o:novell:linux_desktop:9:*:*:*:*:*:*:*
opensuseopensuse11.0cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::
linux	linux_kernel	2.6.30	cpe:2.3:o:linux:linux_kernel:2.6.30:-::::::
linux	linux_kernel	2.6.30	cpe:2.3:o:linux:linux_kernel:2.6.30:rc1::::::
linux	linux_kernel	2.6.30	cpe:2.3:o:linux:linux_kernel:2.6.30:rc2::::::
linux	linux_kernel	2.6.30	cpe:2.3:o:linux:linux_kernel:2.6.30:rc3::::::
linux	linux_kernel	2.6.30	cpe:2.3:o:linux:linux_kernel:2.6.30:rc4::::::
linux	linux_kernel	2.6.30	cpe:2.3:o:linux:linux_kernel:2.6.30:rc5::::::
linux	linux_kernel	2.6.30	cpe:2.3:o:linux:linux_kernel:2.6.30:rc6::::::
novell	linux_desktop	9	cpe:2.3:o:novell:linux_desktop:9:::::::*
opensuse	opensuse	11.0	cpe:2.3:o:opensuse:opensuse:11.0:::::::*