Lucene search

K
osvGoogleOSV:DSA-1749-1
HistoryMar 20, 2009 - 12:00 a.m.

linux-2.6 - several vulnerabilities

2009-03-2000:00:00
Google
osv.dev
101

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.949 High

EPSS

Percentile

98.9%

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service or privilege escalation. The Common
Vulnerabilities and Exposures project identifies the following
problems:

  • CVE-2009-0029
    Christian Borntraeger discovered an issue effecting the alpha,
    mips, powerpc, s390 and sparc64 architectures that allows local
    users to cause a denial of service or potentially gain elevated
    privileges.
  • CVE-2009-0031
    Vegard Nossum discovered a memory leak in the keyctl subsystem
    that allows local users to cause a denial of service by consuming
    all of kernel memory.
  • CVE-2009-0065
    Wei Yongjun discovered a memory overflow in the SCTP
    implementation that can be triggered by remote users.
  • CVE-2009-0269
    Duane Griffin provided a fix for an issue in the eCryptfs
    subsystem which allows local users to cause a denial of service
    (fault or memory corruption).
  • CVE-2009-0322
    Pavel Roskin provided a fix for an issue in the dell_rbu driver
    that allows a local user to cause a denial of service (oops) by
    reading 0 bytes from a sysfs entry.
  • CVE-2009-0676
    Clement LECIGNE discovered a bug in the sock_getsockopt function
    that may result in leaking sensitive kernel memory.
  • CVE-2009-0675
    Roel Kluin discovered inverted logic in the skfddi driver that
    permits local, unprivileged users to reset the driver statistics.
  • CVE-2009-0745
    Peter Kerwien discovered an issue in the ext4 filesystem that
    allows local users to cause a denial of service (kernel oops)
    during a resize operation.
  • CVE-2009-0746
    Sami Liedes reported an issue in the ext4 filesystem that allows
    local users to cause a denial of service (kernel oops) when
    accessing a specially crafted corrupt filesystem.
  • CVE-2009-0747
    David Maciejak reported an issue in the ext4 filesystem that
    allows local users to cause a denial of service (kernel oops) when
    mounting a specially crafted corrupt filesystem.
  • CVE-2009-0748
    David Maciejak reported an additional issue in the ext4 filesystem
    that allows local users to cause a denial of service (kernel oops)
    when mounting a specially crafted corrupt filesystem.

For the oldstable distribution (etch), these problems, where applicable,
will be fixed in future updates to linux-2.6 and linux-2.6.24.

For the stable distribution (lenny), these problems have been fixed in
version 2.6.26-13lenny2.

We recommend that you upgrade your linux-2.6 packages.

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.949 High

EPSS

Percentile

98.9%