7.2

CVE-2009-2767

The init_posix_timers function in kernel/posix-timers.c in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (OOPS) or possibly gain privileges via a CLOCK_MONOTONIC_RAW clock_nanosleep call that triggers a NULL pointer dereference.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxKernel Version2.6.24.7
LinuxKernel Version2.6.25.15
LinuxLinux Kernel Update-rc5 Version <= 2.6.16.31
LinuxLinux Kernel Version2.6
LinuxLinux Kernel Version2.6.0
LinuxLinux Kernel Version2.6.1
LinuxLinux Kernel Version2.6.10
LinuxLinux Kernel Version2.6.11
LinuxLinux Kernel Version2.6.11.1
LinuxLinux Kernel Version2.6.11.2
LinuxLinux Kernel Version2.6.11.3
LinuxLinux Kernel Version2.6.11.4
LinuxLinux Kernel Version2.6.11.5
LinuxLinux Kernel Version2.6.11.6
LinuxLinux Kernel Version2.6.11.7
LinuxLinux Kernel Version2.6.11.8
LinuxLinux Kernel Version2.6.11.9
LinuxLinux Kernel Version2.6.11.10
LinuxLinux Kernel Version2.6.11.11
LinuxLinux Kernel Version2.6.11.12
LinuxLinux Kernel Version2.6.12
LinuxLinux Kernel Version2.6.12.1
LinuxLinux Kernel Version2.6.12.2
LinuxLinux Kernel Version2.6.12.3
LinuxLinux Kernel Version2.6.12.4
LinuxLinux Kernel Version2.6.12.5
LinuxLinux Kernel Version2.6.12.6
LinuxLinux Kernel Version2.6.13
LinuxLinux Kernel Version2.6.13.1
LinuxLinux Kernel Version2.6.13.2
LinuxLinux Kernel Version2.6.13.3
LinuxLinux Kernel Version2.6.13.4
LinuxLinux Kernel Version2.6.13.5
LinuxLinux Kernel Version2.6.14
LinuxLinux Kernel Version2.6.14.1
LinuxLinux Kernel Version2.6.14.2
LinuxLinux Kernel Version2.6.14.3
LinuxLinux Kernel Version2.6.14.4
LinuxLinux Kernel Version2.6.14.5
LinuxLinux Kernel Version2.6.14.6
LinuxLinux Kernel Version2.6.14.7
LinuxLinux Kernel Version2.6.15
LinuxLinux Kernel Version2.6.15.1
LinuxLinux Kernel Version2.6.15.2
LinuxLinux Kernel Version2.6.15.3
LinuxLinux Kernel Version2.6.15.4
LinuxLinux Kernel Version2.6.15.5
LinuxLinux Kernel Version2.6.15.6
LinuxLinux Kernel Version2.6.15.7
LinuxLinux Kernel Version2.6.16
LinuxLinux Kernel Version2.6.16.1
LinuxLinux Kernel Version2.6.16.2
LinuxLinux Kernel Version2.6.16.3
LinuxLinux Kernel Version2.6.16.10
LinuxLinux Kernel Version2.6.16.11
LinuxLinux Kernel Version2.6.16.12
LinuxLinux Kernel Version2.6.16.13
LinuxLinux Kernel Version2.6.16.14
LinuxLinux Kernel Version2.6.16.15
LinuxLinux Kernel Version2.6.16.16
LinuxLinux Kernel Version2.6.16.17
LinuxLinux Kernel Version2.6.16.18
LinuxLinux Kernel Version2.6.16.19
LinuxLinux Kernel Version2.6.16.20
LinuxLinux Kernel Version2.6.16.21
LinuxLinux Kernel Version2.6.16.22
LinuxLinux Kernel Version2.6.16.23
LinuxLinux Kernel Version2.6.16.24
LinuxLinux Kernel Version2.6.16.25
LinuxLinux Kernel Version2.6.16.26
LinuxLinux Kernel Version2.6.16.27
LinuxLinux Kernel Version2.6.16.28
LinuxLinux Kernel Version2.6.16.29
LinuxLinux Kernel Version2.6.16.30
LinuxLinux Kernel Version2.6.16.31
LinuxLinux Kernel Version2.6.16.31 Update-rc1
LinuxLinux Kernel Version2.6.16.31 Update-rc2
LinuxLinux Kernel Version2.6.16.31 Update-rc3
LinuxLinux Kernel Version2.6.16.31 Update-rc4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.74% 0.498
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.2 3.9 10
AV:L/AC:L/Au:N/C:C/I:C/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://secunia.com/advisories/37105
http://www.ubuntu.com/usn/USN-852-1
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc6
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=70d715fd0597f18528f389b5ac59102263067744
http://lkml.org/lkml/2009/8/4/28
Patch
http://lkml.org/lkml/2009/8/4/40
Patch
http://secunia.com/advisories/36200
Vendor Advisory
http://www.openwall.com/lists/oss-security/2009/08/06/2
http://www.vupen.com/english/advisories/2009/2197
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/52317