exploitDog

CVE-2009-2692

Published: 14 Aug 2009
Source: ubuntu
Priority: medium
EPSS: Medium
CVSS2: 7.2
CVSS3: 7.8

Description

The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.

| Release | Status | Note |
|---|---|---|
| dapper | DNE | |
| devel | not-affected | 2.6.31-6.25 |
| hardy | released | 2.6.24-24.59 |
| intrepid | released | 2.6.27-14.39 |
| jaunty | released | 2.6.28-15.49 |
| upstream | released | 2.6.31~rc6 |

| Release | Status | Note |
|---|---|---|
| dapper | released | 2.6.15-54.79 |
| devel | DNE | |
| hardy | DNE | |
| intrepid | DNE | |
| jaunty | DNE | |
| upstream | released | 2.6.31~rc6 |

EPSS

Percentile: 95%
0.18141
Medium

CVSS2: 7.2 High

CVSS3: 7.8 High

Related vulnerabilities

redhat
almost 16 years ago

The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.

CVSS3: 7.8
nvd
almost 16 years ago

The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.

CVSS3: 7.8
debian
almost 16 years ago

The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, d ...

CVSS3: 7.8
github
about 3 years ago

The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.

oracle-oval
almost 16 years ago

ELSA-2009-1222: kernel security and bug fix update (IMPORTANT)
