CVE-2009-2692
high-risk
Published 2009-08-14
The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.
Do I need to act?
17.6% chance of exploitation in next 30 days
EPSS score — higher than 82% of all CVEs
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 7.8/10 · High · LOCAL / LOW complexity
Affected Products (12)
References (78)
Third Party Advisory: http://rhn.redhat.com/errata/RHSA-2009-1222.html
Third Party Advisory: http://rhn.redhat.com/errata/RHSA-2009-1223.html
Broken Link: http://secunia.com/advisories/36278
Broken Link: http://secunia.com/advisories/36289
Broken Link: http://secunia.com/advisories/36327
Broken Link: http://secunia.com/advisories/36430
Broken Link: http://secunia.com/advisories/37298
Broken Link: http://secunia.com/advisories/37471
Third Party Advisory: http://support.avaya.com/css/P8/documents/100067254
Mailing List: http://www.debian.org/security/2009/dsa-1865
Third Party Advisory: http://www.exploit-db.com/exploits/9477
and 58 more references
Risk score: 61 / 100 (high-risk)
Severity: 24/34 · High
Exploitability: 20/34 · Moderate
Exposure: 17/34 · Moderate