CVSS: 7.8EPSS: 0%CPEs: 20EXPL: 5CVE-2009-2698 – Linux Kernel < 2.6.19 (Debian 4) - 'udp_sendmsg' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-2698
27 Aug 2009 — The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket. La función udp_sendmsg en la implementación UDP en los archivos (1) net/ipv4/udp.c y (2) net/ipv6/udp.c en el kernel de Linux anterior a versión 2.6.19, permite a los usuarios locales obtener privilegios o causar ... • https://www.exploit-db.com/exploits/9575 • CWE-476: NULL Pointer Dereference •
CVSS: 6.2EPSS: 0%CPEs: 309EXPL: 1CVE-2009-2849 – kernel: md: NULL pointer deref when accessing suspend_* sysfs attributes
https://notcve.org/view.php?id=CVE-2009-2849
18 Aug 2009 — The md driver (drivers/md/md.c) in the Linux kernel before 2.6.30.2 might allow local users to cause a denial of service (NULL pointer dereference) via vectors related to "suspend_* sysfs attributes" and the (1) suspend_lo_store or (2) suspend_hi_store functions. NOTE: this is only a vulnerability when sysfs is writable by an attacker. El driver md (drivers/md/md.c) en el kernel de Linux anteriores a 2.6.30.2 podría permitir a usuarios locales producir una denegación de servicio (referencia a un puntero nul... • http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.30.y.git%3Ba=commit%3Bh=3c92900d9a4afb176d3de335dc0da0198660a244 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 0%CPEs: 27EXPL: 2CVE-2009-2848 – kernel: execve: must clear current->clear_child_tid
https://notcve.org/view.php?id=CVE-2009-2848
18 Aug 2009 — The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit. Una función execve en el kernel de Linux, posiblemente versión 2.6.30-rc6 y anteriores, no borra apropiadamente el puntero de curr... • http://article.gmane.org/gmane.linux.kernel/871942 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-269: Improper Privilege Management •
CVSS: 7.8EPSS: 5%CPEs: 79EXPL: 0CVE-2009-2844
https://notcve.org/view.php?id=CVE-2009-2844
18 Aug 2009 — cfg80211 in net/wireless/scan.c in the Linux kernel 2.6.30-rc1 and other versions before 2.6.31-rc6 allows remote attackers to cause a denial of service (crash) via a sequence of beacon frames in which one frame omits an SSID Information Element (IE) and the subsequent frame contains an SSID IE, which triggers a NULL pointer dereference in the cmp_ies function. NOTE: a potential weakness in the is_mesh function was also addressed, but the relevant condition did not exist in the code, so it is not a vulnerab... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=cd3468bad96c00b5a512f551674f36776129520e • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 316EXPL: 0CVE-2009-2846
https://notcve.org/view.php?id=CVE-2009-2846
18 Aug 2009 — The eisa_eeprom_read function in the parisc isa-eeprom component (drivers/parisc/eisa_eeprom.c) in the Linux kernel before 2.6.31-rc6 allows local users to access restricted memory via a negative ppos argument, which bypasses a check that assumes that ppos is positive and causes an out-of-bounds read in the readb function. La función eisa_eeprom_read en el componente the parisc isa-eeprom (drivers/parisc/eisa_eeprom.c) en el kernel de Linux anterior a v2.6.31-rc6 permite a usuarios locales acceder a memoria... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=6b4dbcd86a9d464057fcc7abe4d0574093071fcc • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.5EPSS: 0%CPEs: 80EXPL: 2CVE-2009-2847 – Linux Kernel 2.6.31-rc5 - sigaltstack 4-Byte Stack Disclosure
https://notcve.org/view.php?id=CVE-2009-2847
18 Aug 2009 — The do_sigaltstack function in kernel/signal.c in Linux kernel 2.4 through 2.4.37 and 2.6 before 2.6.31-rc5, when running on 64-bit systems, does not clear certain padding bytes from a structure, which allows local users to obtain sensitive information from the kernel stack via the sigaltstack function. La función do_sigaltstack en kernel/signal.c en el kernel de Linux 2.6 antes de 2.6.31-RC5, cuando se ejecuta en sistemas de 64 bits, no limpia algunos octetos de relleno de una estructura, lo que permite a ... • https://www.exploit-db.com/exploits/9352 •
CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 14CVE-2009-2692 – Linux Kernel 2.x (Android) - 'sock_sendpage()' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2009-2692
14 Aug 2009 — The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket. El kernel de Linux versiones 2.6.0 hasta 2.6.30.4 y 2.4.4 hasta 2.4.3... • https://www.exploit-db.com/exploits/9477 • CWE-476: NULL Pointer Dereference CWE-908: Use of Uninitialized Resource •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2009-2768
https://notcve.org/view.php?id=CVE-2009-2768
14 Aug 2009 — The load_flat_shared_library function in fs/binfmt_flat.c in the flat subsystem in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by executing a shared flat binary, which triggers an access of an "uninitialized cred pointer." La función load_flat_shared_library en el archivo fs/binfmt_flat.c en el subsistema flat en el kernel de Linux anterior a versión 2.6.31-rc6, permite a los usuarios... • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3440625d78711bee41a84cf29c3d8c579b522666 • CWE-476: NULL Pointer Dereference CWE-824: Access of Uninitialized Pointer •
CVSS: 7.2EPSS: 0%CPEs: 79EXPL: 1CVE-2009-2767 – Linux Kernel 2.6.x - 'posix-timers.c' Null Pointer Dereference Denial of Service
https://notcve.org/view.php?id=CVE-2009-2767
14 Aug 2009 — The init_posix_timers function in kernel/posix-timers.c in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (OOPS) or possibly gain privileges via a CLOCK_MONOTONIC_RAW clock_nanosleep call that triggers a NULL pointer dereference. La función init_posix_timers en kernel/posix-timers.c en el kernel de linux anteriores a v2.6.31-rc6 permite a usuarios locales provocar una denegación de servicio (OOPS) o posiblemente conseguir privilegios a través de una llamada CLOCK_MONOTONI... • https://www.exploit-db.com/exploits/33148 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.7EPSS: 0%CPEs: 10EXPL: 0CVE-2009-2691 – kernel: /proc/$pid/maps visible during initial setuid ELF loading
https://notcve.org/view.php?id=CVE-2009-2691
14 Aug 2009 — The mm_for_maps function in fs/proc/base.c in the Linux kernel 2.6.30.4 and earlier allows local users to read (1) maps and (2) smaps files under proc/ via vectors related to ELF loading, a setuid process, and a race condition. La función mm_for_maps en fs/proc/base.c en el kernel Linux v2.6.30.4 y anteriores permiten a usuarios locales leer (1) mapas y (2) ficheros smaps bajo proc/ a través de vectores relativos a la carga ELF, un proceso setuid, y condición de carrera. • http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=00f89d218523b9bf6b522349c039d5ac80aa536d • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •