CVE-2009-0676

Linux <2.6.28.6 - Info Disclosure

Title source: llm

Description

The sock_getsockopt function in net/core/sock.c in the Linux kernel before 2.6.28.6 does not initialize a certain structure member, which allows local users to obtain potentially sensitive information from kernel memory via an SO_BSDCOMPAT getsockopt request.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Clément Lecigne · clocallinux
https://www.exploit-db.com/exploits/32805

References (38)

... and 18 more

Scores

EPSS 0.0018
EPSS Percentile 39.4%

Classification

CWE
CWE-264
Status draft

Affected Products (50)

linux/linux_kernel < 2.6.28.5
linux/linux_kernel
linux/linux_kernel
linux/linux_kernel
linux/linux_kernel
linux/linux_kernel
linux/linux_kernel
linux/linux_kernel
linux/linux_kernel
linux/linux_kernel
linux/linux_kernel
linux/linux_kernel
linux/linux_kernel
linux/linux_kernel
linux/linux_kernel
... and 35 more

Timeline

Published Feb 22, 2009
Tracked Since Feb 18, 2026