CVE-2009-0029

EPSS 0.04%
Published 15.01.2009 17:30:00
Last modified 09.04.2025 00:30:58
Source secalert@redhat.com
Teams watchlist Login
Open Login

The ABI in the Linux kernel 2.6.28 and earlier on s390, powerpc, sparc64, and mips 64-bit platforms requires that a 32-bit argument in a 64-bit register was properly sign extended when sent from a user-mode application, but cannot verify this, which allows local users to cause a denial of service (crash) or possibly gain privileges via a crafted system call.

Affected products Warnungen 0 Metrics 2 CWE 1 References 17

Data is provided by the National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version <= 2.6.28

Debian ≫ Debian Linux Version4.0

Debian ≫ Debian Linux Version5.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.04%	0.102

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.2	3.9	10	AV:L/AC:L/Au:N/C:C/I:C/A:C

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00003.html

Third Party Advisory

http://secunia.com/advisories/34981

Third Party Advisory

http://www.debian.org/security/2009/dsa-1787

Third Party Advisory

http://secunia.com/advisories/35011

Third Party Advisory

http://www.debian.org/security/2009/dsa-1794

Third Party Advisory

http://secunia.com/advisories/33674

Third Party Advisory