CVE-2009-1897
Linux Kernel 2.6.30 - 'tun_chr_pool()' Null Pointer Dereference
Severity Score
6.9
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
4
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The tun_chr_poll function in drivers/net/tun.c in the tun subsystem in the Linux kernel 2.6.30 and 2.6.30.1, when the -fno-delete-null-pointer-checks gcc option is omitted, allows local users to gain privileges via vectors involving a NULL pointer dereference and an mmap of /dev/net/tun, a different vulnerability than CVE-2009-1894.
La función tun_chr_poll en drivers/net/tun.c en el subsistema tun del kernel de Linux v2.6.30 y v2.6.30.1, cuando se omite la opción -fno-delete-null-pointer-checks en gcc, permite a atacantes locales obtener privilegios a través de vectores que implican desreferenciacion de punteros NULL y un nmap de /dev/net/tun, es una vulnerabilidad diferente a CVE-2009-1894.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-06-02 CVE Reserved
- 2009-06-17 First Exploit
- 2009-07-20 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (15)
| URL | Tag | Source |
|---|---|---|
| http://archives.neohapsis.com/archives/fulldisclosure/2009-07/0241.html | Mailing List | |
| http://archives.neohapsis.com/archives/fulldisclosure/2009-07/0246.html | Mailing List | |
| http://article.gmane.org/gmane.linux.network/124939 | Mailing List | |
| http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3c8a9c63d5fd738c261bd0ceece04d9c8357ca13 | X_refsource_confirm | |
| http://www.openwall.com/lists/oss-security/2009/07/17/1 | Mailing List |
|
| https://bugzilla.redhat.com/show_bug.cgi?id=512284 | X_refsource_confirm | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/51803 | Vdb Entry | |
| https://www.redhat.com/en/blog/security-flaws-caused-compiler-optimizations | X_refsource_misc |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/33088 | 2009-06-17 | |
| https://www.exploit-db.com/exploits/9191 | 2009-07-17 | |
| http://isc.sans.org/diary.html?storyid=6820 | 2024-08-07 | |
| http://lkml.org/lkml/2009/7/6/19 | 2024-08-07 |
| URL | Date | SRC |
|---|---|---|
| http://grsecurity.net/~spender/cheddar_bay.tgz | 2023-02-13 | |
| http://www.vupen.com/english/advisories/2009/1925 | 2023-02-13 |
| URL | Date | SRC |
|---|---|---|
| http://secunia.com/advisories/35839 | 2023-02-13 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 2.6.30 Search vendor "Linux" for product "Linux Kernel" and version "2.6.30" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 2.6.30 Search vendor "Linux" for product "Linux Kernel" and version "2.6.30" | rc1 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 2.6.30 Search vendor "Linux" for product "Linux Kernel" and version "2.6.30" | rc2 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 2.6.30 Search vendor "Linux" for product "Linux Kernel" and version "2.6.30" | rc3 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 2.6.30 Search vendor "Linux" for product "Linux Kernel" and version "2.6.30" | rc4, x86_32 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 2.6.30 Search vendor "Linux" for product "Linux Kernel" and version "2.6.30" | rc5 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 2.6.30 Search vendor "Linux" for product "Linux Kernel" and version "2.6.30" | rc6 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 2.6.30 Search vendor "Linux" for product "Linux Kernel" and version "2.6.30" | rc7-git6 |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | 2.6.30.1 Search vendor "Linux" for product "Linux Kernel" and version "2.6.30.1" | - |
Affected
| ||||||