CVSS2: 7.2 High
Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
The kernel is vulnerable to privilege escalation. The SOCKOPS_WRAP macro did not correctly initialize the sendpage operation in the proto_ops structure. A local, unprivileged user could use this flaw to cause a local denial of service or escalate their privileges.
archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html
blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html
git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=c18d0fe535a73b219f960d1af3d0c264555a12e3
git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e694958388c50148389b0e9b9e9e8945cf0f1b98
grsecurity.net/~spender/wunderbar_emporium.tgz
lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html
rhn.redhat.com/errata/RHSA-2009-1222.html
rhn.redhat.com/errata/RHSA-2009-1223.html
secunia.com/advisories/36278
secunia.com/advisories/36289
secunia.com/advisories/36327
secunia.com/advisories/36430
secunia.com/advisories/37298
secunia.com/advisories/37471
support.avaya.com/css/P8/documents/100067254
wiki.rpath.com/wiki/Advisories:rPSA-2009-0121
www.debian.org/security/2009/dsa-1865
www.exploit-db.com/exploits/19933
www.exploit-db.com/exploits/9477
www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.5
www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5
www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc6
www.mandriva.com/security/advisories?name=MDVSA-2009:233
www.openwall.com/lists/oss-security/2009/08/14/1
www.redhat.com/security/updates/classification/#important
www.redhat.com/support/errata/RHSA-2009-1233.html
www.securityfocus.com/archive/1/505751/100/0/threaded
www.securityfocus.com/archive/1/505912/100/0/threaded
www.securityfocus.com/archive/1/507985/100/0/threaded
www.securityfocus.com/archive/1/512019/100/0/threaded
www.securityfocus.com/bid/36038
www.vmware.com/security/advisories/VMSA-2009-0016.html
www.vupen.com/english/advisories/2009/2272
www.vupen.com/english/advisories/2009/3316
zenthought.org/content/file/android-root-2009-08-16-source
access.redhat.com/errata/RHSA-2009:1239
bugzilla.redhat.com/show_bug.cgi?id=516949
issues.rpath.com/browse/RPL-3103
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11526
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11591
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8657