5.9
CVE-2009-2848
- EPSS 0.52%
- Veröffentlicht 18.08.2009 21:00:00
- Zuletzt bearbeitet 16.06.2026 23:10:20
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version <= 2.6.29.5
Linux ≫ Linux Kernel Version2.6.30 Update-
Linux ≫ Linux Kernel Version2.6.30 Updaterc1
Linux ≫ Linux Kernel Version2.6.30 Updaterc2
Linux ≫ Linux Kernel Version2.6.30 Updaterc3
Linux ≫ Linux Kernel Version2.6.30 Updaterc4
Linux ≫ Linux Kernel Version2.6.30 Updaterc5
Linux ≫ Linux Kernel Version2.6.30 Updaterc6
Novell ≫ Linux Desktop Version9
Suse ≫ Linux Enterprise Desktop Version10 Updatesp2
Suse ≫ Linux Enterprise Server Version9
Suse ≫ Linux Enterprise Server Version10 Updatesp2
Fedoraproject ≫ Fedora Version11
Canonical ≫ Ubuntu Linux Version6.06
Canonical ≫ Ubuntu Linux Version8.04
Canonical ≫ Ubuntu Linux Version8.10
Canonical ≫ Ubuntu Linux Version9.04
Redhat ≫ Enterprise Linux Desktop Version3.0
Redhat ≫ Enterprise Linux Desktop Version5.0
Redhat ≫ Enterprise Linux Server Version3.0
Redhat ≫ Enterprise Linux Server Version5.0
Redhat ≫ Enterprise Linux Workstation Version3.0
Redhat ≫ Enterprise Linux Workstation Version5.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.52% | 0.397 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.9 | 3.4 | 8.5 |
AV:L/AC:M/Au:N/C:P/I:P/A:C
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
http://secunia.com/advisories/37471
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vupen.com/english/advisories/2009/3316
http://www.securityfocus.com/archive/1/512019/100/0/threaded
https://rhn.redhat.com/errata/RHSA-2009-1550.html
http://rhn.redhat.com/errata/RHSA-2009-1243.html
http://secunia.com/advisories/36562
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html
http://secunia.com/advisories/37351
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
http://secunia.com/advisories/36759
http://www.redhat.com/support/errata/RHSA-2009-1438.html
http://secunia.com/advisories/37105
http://www.ubuntu.com/usn/USN-852-1
http://secunia.com/advisories/36501
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01256.html
http://article.gmane.org/gmane.linux.kernel/871942
http://secunia.com/advisories/35983
http://www.openwall.com/lists/oss-security/2009/08/04/2
http://www.openwall.com/lists/oss-security/2009/08/05/10
https://exchange.xforce.ibmcloud.com/vulnerabilities/52899
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11412
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8598
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9766