Vulnerability DatabaseCVE-2009-2848
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2009-2848
August 18, 2009
The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit.
Related ResourcesĀ (28)
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.securityfocus.com/archive/1/512019/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/52899
http://secunia.com/advisories/36501
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html
http://www.openwall.com/lists/oss-security/2009/08/05/10
http://www.vupen.com/english/advisories/2009/3316
http://www.openwall.com/lists/oss-security/2009/08/04/2
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01256.html
http://www.redhat.com/support/errata/RHSA-2009-1438.html
http://rhn.redhat.com/errata/RHSA-2009-1243.html
http://secunia.com/advisories/37471
http://article.gmane.org/gmane.linux.kernel/871942
http://secunia.com/advisories/36562
http://secunia.com/advisories/36759
http://secunia.com/advisories/35983
https://rhn.redhat.com/errata/RHSA-2009-1550.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9766
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
http://secunia.com/advisories/37351
https://access.redhat.com/security/cve/CVE-2009-2848
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11412
http://secunia.com/advisories/37105
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8598
http://www.ubuntu.com/usn/USN-852-1
https://people.canonical.com/~ubuntu-security/cve/CVE-2009-2848
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html
Do you need more information?
Contact Us
CVSS v4
Base Score:
5.9
Attack Vector
LOCAL
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
LOW
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
6.2
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
HIGH
CVSS v2
Base Score:
5.9
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
COMPLETE
Weakness Type (CWE)
Improper Privilege Management
CWE-269
EPSS
Base Score:
0.07