CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:C/I:N/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
90.7%
Solar Designer discovered that the z90crypt driver did not correctly
check capabilities. A local attacker could exploit this to shut down
the device, leading to a denial of service. Only affected Ubuntu 6.06.
(CVE-2009-1883)
Michael Buesch discovered that the SGI GRU driver did not correctly check
the length when setting options. A local attacker could exploit this
to write to the kernel stack, leading to root privilege escalation or
a denial of service. Only affected Ubuntu 8.10 and 9.04. (CVE-2009-2584)
It was discovered that SELinux did not fully implement the mmap_min_addr
restrictions. A local attacker could exploit this to allocate the
NULL memory page which could lead to further attacks against kernel
NULL-dereference vulnerabilities. Ubuntu 6.06 was not affected.
(CVE-2009-2695)
Cagri Coltekin discovered that the UDP stack did not correctly handle
certain flags. A local user could send specially crafted commands and
traffic to gain root privileges or crash the systeam, leading to a denial
of service. Only affected Ubuntu 6.06. (CVE-2009-2698)
Hiroshi Shimamoto discovered that monotonic timers did not correctly
validate parameters. A local user could make a specially crafted timer
request to gain root privileges or crash the system, leading to a denial
of service. Only affected Ubuntu 9.04. (CVE-2009-2767)
Michael Buesch discovered that the HPPA ISA EEPROM driver did not
correctly validate positions. A local user could make a specially crafted
request to gain root privileges or crash the system, leading to a denial
of service. (CVE-2009-2846)
Ulrich Drepper discovered that kernel signal stacks were not being
correctly padded on 64-bit systems. A local attacker could send specially
crafted calls to expose 4 bytes of kernel stack memory, leading to a
loss of privacy. (CVE-2009-2847)
Jens Rosenboom discovered that the clone method did not correctly clear
certain fields. A local attacker could exploit this to gain privileges
or crash the system, leading to a denial of service. (CVE-2009-2848)
It was discovered that the MD driver did not check certain sysfs files.
A local attacker with write access to /sys could exploit this to cause
a system crash, leading to a denial of service. Ubuntu 6.06 was not
affected. (CVE-2009-2849)
Mark Smith discovered that the AppleTalk stack did not correctly
manage memory. A remote attacker could send specially crafted traffic
to cause the system to consume all available memory, leading to a denial
of service. (CVE-2009-2903)
Loïc Minier discovered that eCryptfs did not correctly handle writing
to certain deleted files. A local attacker could exploit this to gain
root privileges or crash the system, leading to a denial of service.
Ubuntu 6.06 was not affected. (CVE-2009-2908)
It was discovered that the LLC, AppleTalk, IR, EConet, Netrom, and
ROSE network stacks did not correctly initialize their data structures.
A local attacker could make specially crafted calls to read kernel memory,
leading to a loss of privacy. (CVE-2009-3001, CVE-2009-3002)
It was discovered that the randomization used for Address Space Layout
Randomization was predictable within a small window of time. A local
attacker could exploit this to leverage further attacks that require
knowledge of userspace memory layouts. (CVE-2009-3238)
Eric Paris discovered that NFSv4 did not correctly handle file creation
failures. An attacker with write access to an NFSv4 share could exploit
this to create files with arbitrary mode bits, leading to privilege
escalation or a loss of privacy. (CVE-2009-3286)
Bob Tracy discovered that the SCSI generic driver did not correctly use
the right index for array access. A local attacker with write access
to a CDR could exploit this to crash the system, leading to a denial
of service. Only Ubuntu 9.04 was affected. (CVE-2009-3288)
Jan Kiszka discovered that KVM did not correctly validate certain
hypercalls. A local unprivileged attacker in a virtual guest could exploit
this to crash the guest kernel, leading to a denial of service. Ubuntu
6.06 was not affected. (CVE-2009-3290)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Ubuntu | 9.04 | noarch | linux-image-2.6.28-16-virtual | < 2.6.28-16.55 | UNKNOWN |
Ubuntu | 9.04 | noarch | block-modules-2.6.28-16-generic-di | < 2.6.28-16.55 | UNKNOWN |
Ubuntu | 9.04 | noarch | crypto-modules-2.6.28-16-generic-di | < 2.6.28-16.55 | UNKNOWN |
Ubuntu | 9.04 | noarch | fat-modules-2.6.28-16-generic-di | < 2.6.28-16.55 | UNKNOWN |
Ubuntu | 9.04 | noarch | fb-modules-2.6.28-16-generic-di | < 2.6.28-16.55 | UNKNOWN |
Ubuntu | 9.04 | noarch | firewire-core-modules-2.6.28-16-generic-di | < 2.6.28-16.55 | UNKNOWN |
Ubuntu | 9.04 | noarch | floppy-modules-2.6.28-16-generic-di | < 2.6.28-16.55 | UNKNOWN |
Ubuntu | 9.04 | noarch | fs-core-modules-2.6.28-16-generic-di | < 2.6.28-16.55 | UNKNOWN |
Ubuntu | 9.04 | noarch | fs-secondary-modules-2.6.28-16-generic-di | < 2.6.28-16.55 | UNKNOWN |
Ubuntu | 9.04 | noarch | input-modules-2.6.28-16-generic-di | < 2.6.28-16.55 | UNKNOWN |
ubuntu.com/security/CVE-2009-1883
ubuntu.com/security/CVE-2009-2584
ubuntu.com/security/CVE-2009-2695
ubuntu.com/security/CVE-2009-2698
ubuntu.com/security/CVE-2009-2767
ubuntu.com/security/CVE-2009-2846
ubuntu.com/security/CVE-2009-2847
ubuntu.com/security/CVE-2009-2848
ubuntu.com/security/CVE-2009-2849
ubuntu.com/security/CVE-2009-2903
ubuntu.com/security/CVE-2009-2908
ubuntu.com/security/CVE-2009-3001
ubuntu.com/security/CVE-2009-3002
ubuntu.com/security/CVE-2009-3238
ubuntu.com/security/CVE-2009-3286
ubuntu.com/security/CVE-2009-3288
ubuntu.com/security/CVE-2009-3290
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:C/I:N/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
90.7%