Lucene search

K
ubuntucveUbuntu.comUB:CVE-2009-1883
HistorySep 18, 2009 - 12:00 a.m.

CVE-2009-1883

2009-09-1800:00:00
ubuntu.com
ubuntu.com
17
z90crypt driver
linux kernel 2.6.9
local users
driver outage

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

EPSS

0

Percentile

5.1%

The z90crypt_unlocked_ioctl function in the z90crypt driver in the Linux
kernel 2.6.9 does not perform a capability check for the Z90QUIESCE
operation, which allows local users to leverage euid 0 privileges to force
a driver outage.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchlinux-source-2.6.15< 2.6.15-55.80UNKNOWN

CVSS2

4.4

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

EPSS

0

Percentile

5.1%