CVE-2009-2692

CVSS V2 High 7.2 CVSS V3 None

Description

The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.

Overview

CVE ID
CVE-2009-2692

Assigner
cve@mitre.org

Vulnerability Status
Modified

Published Version
2009-08-14T15:16:27

Last Modified Date
2018-10-10T19:41:39

Weakness Enumerations

CWE	URL
CWE-119	http://cwe.mitre.org/data/definitions/119.html

CPE Configuration (Product)

CPE	Vulnerable	Operator
cpe:2.3:a:linux:kernel:2.6.24.7:::::::*	1	OR
cpe:2.3:a:linux:kernel:2.6.25.15:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.4:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.5:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.6:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.7:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.8:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.9:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.10:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.11:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.12:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.13:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.14:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.15:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.16:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.17:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.18:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.18::pre-1:::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.18::pre-2:::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.18::pre-3:::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.18::pre-4:::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.18::pre-5:::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.18::pre-6:::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.18::pre-7:::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.18::pre-8:::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.18::x86:::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.19:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.19::-pre1:::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.19::-pre2:::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.19::-pre3:::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.19::-pre4:::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.19::-pre5:::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.19::-pre6:::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.20:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.21:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.21::-pre1:::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.21::-pre4:::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.21::-pre7:::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.22:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.23:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.23::-ow2:::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.23::-pre9:::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.24::-ow1:::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.25:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.26:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.27:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.27::-pre1:::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.27::-pre2:::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.27::-pre3:::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.27::-pre4:::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.27::-pre5:::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.28:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.29:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.29:-rc1::::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.29:-rc2::::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.30:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.30:rc2::::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.30:rc3::::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.31:-pre1::::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.32:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.32:-pre1::::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.32:-pre2::::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.33:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.33:p-re1::::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.33.2:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.33.3:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.33.4:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.33.5:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.33.7:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.34:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.35.3:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.36:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.36.1:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.36.2:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.36.3:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.36.4:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.36.5:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.36.6:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.36.7:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.36.8:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.37:-rc1::::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.4.37.1:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.0:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.1:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.10:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.11:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.11.1:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.11.2:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.11.3:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.11.4:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.11.5:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.11.6:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.11.7:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.11.8:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.11.9:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.11.10:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.11.11:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.11.12:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.12:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.12.1:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.12.2:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.12.3:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.12.4:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.12.5:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.12.6:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.13:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.13.1:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.13.2:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.13.3:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.13.4:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.13.5:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.14:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.14.1:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.14.2:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.14.3:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.14.4:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.14.5:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.14.6:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.14.7:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.15:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.15.1:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.15.2:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.15.3:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.15.4:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.15.5:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.15.6:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.15.7:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.16:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.16.1:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.16.2:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.16.10:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.16.11:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.16.12:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.16.13:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.16.14:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.16.15:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.16.16:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.16.17:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.16.18:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.16.19:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.16.20:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.16.21:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.16.22:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.16.23:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.16.24:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.16.25:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.16.26:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.16.27:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.16.28:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.30:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.30:rc1::::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.30:rc2::::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.30:rc3::::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.30:rc5::::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.30:rc6::::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.30:rc7-git6::::::	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.30.1:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.30.2:::::::*	1	OR
cpe:2.3:o:linux:linux_kernel:2.6.30.4:::::::*	1	OR

CVSS Version 2

Version
2.0

Vector String
AV:L/AC:L/Au:N/C:C/I:C/A:C

Access Vector
LOCAL

Access Compatibility
LOW

Authentication
NONE

Confidentiality Impact
COMPLETE

Integrity Impact
COMPLETE

Availability Impact
COMPLETE

Base Score
7.2

Severity
HIGH

Exploitability Score
3.9

Impact Score
10

References

Reference URL	Reference Tags
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc6	Vendor Advisory
http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html	Exploit
http://www.securityfocus.com/bid/36038	Exploit
http://grsecurity.net/~spender/wunderbar_emporium.tgz
http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=e694958388c50148389b0e9b9e9e8945cf0f1b98
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.5	Vendor Advisory
http://secunia.com/advisories/36327	Vendor Advisory
http://www.vupen.com/english/advisories/2009/2272	Patch Vendor Advisory
http://www.debian.org/security/2009/dsa-1865
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5	Vendor Advisory
http://secunia.com/advisories/36289	Vendor Advisory
https://issues.rpath.com/browse/RPL-3103
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0121
http://zenthought.org/content/file/android-root-2009-08-16-source
http://secunia.com/advisories/36430	Vendor Advisory
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git;a=commit;h=c18d0fe535a73b219f960d1af3d0c264555a12e3
http://rhn.redhat.com/errata/RHSA-2009-1223.html
http://rhn.redhat.com/errata/RHSA-2009-1222.html
https://bugzilla.redhat.com/show_bug.cgi?id=516949
http://secunia.com/advisories/36278	Vendor Advisory
http://www.openwall.com/lists/oss-security/2009/08/14/1
http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html
http://www.redhat.com/support/errata/RHSA-2009-1233.html
http://support.avaya.com/css/P8/documents/100067254
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.vupen.com/english/advisories/2009/3316	Vendor Advisory
http://secunia.com/advisories/37471	Vendor Advisory
http://secunia.com/advisories/37298	Vendor Advisory
http://www.exploit-db.com/exploits/19933
http://www.mandriva.com/security/advisories?name=MDVSA-2009:233
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8657
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11591
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11526
http://www.exploit-db.com/exploits/9477
http://www.securityfocus.com/archive/1/512019/100/0/threaded
http://www.securityfocus.com/archive/1/507985/100/0/threaded
http://www.securityfocus.com/archive/1/505912/100/0/threaded
http://www.securityfocus.com/archive/1/505751/100/0/threaded

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2009-2692
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2692

History

Created	Old Value	New Value	Data Type	Notes
2022-05-10 18:32:26				Added to TrackCVE