CVE-2009-0835

Linux kernel <2.6.28.7 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-0835. PoCs published by Chris Evans.

AI-analyzed exploit summary This exploit demonstrates a local security-bypass vulnerability in the Linux kernel (CVE-2009-0835) by circumventing seccomp restrictions. It uses inline assembly to execute restricted system calls (chmod or stat) depending on the architecture (x86-64 or i386).

Description

The __secure_computing function in kernel/seccomp.c in the seccomp subsystem in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform, when CONFIG_SECCOMP is enabled, does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass intended access restrictions via crafted syscalls that are misinterpreted as (a) stat or (b) chmod, a related issue to CVE-2009-0342 and CVE-2009-0343.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Chris Evans · clocallinux
https://www.exploit-db.com/exploits/32829

This exploit demonstrates a local security-bypass vulnerability in the Linux kernel (CVE-2009-0835) by circumventing seccomp restrictions. It uses inline assembly to execute restricted system calls (chmod or stat) depending on the architecture (x86-64 or i386).

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Linux kernel (versions affected by CVE-2009-0835)
No auth needed
Prerequisites: Local access to the target system · Kernel compiled with seccomp support
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (24)

Core 24
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35390
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34786
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2009:118
Mailing List mailing-list x_refsource_mlist
http://marc.info/?l=oss-security&m=123597627132485&w=2
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-751-1
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/33948
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35185
Various Sources mailing-list x_refsource_mlist
http://lkml.org/lkml/2009/2/28/23
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34084
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2009/dsa-1800
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/34917
Mailing List mailing-list x_refsource_mlist
http://marc.info/?l=linux-kernel&m=123579056530191&w=2
Exploit mailing-list x_refsource_mlist
http://marc.info/?l=linux-kernel&m=123579069630311&w=2
Various Sources x_refsource_misc
http://scary.beasts.org/security/CESA-2009-004.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-0451.html
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35121
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35394

Scores

EPSS 0.0093
EPSS Percentile 55.7%

Details

CWE
CWE-264
Status published
Products (13)
linux/linux_kernel 2.6.25
linux/linux_kernel 2.6.25.1
linux/linux_kernel 2.6.25.2
linux/linux_kernel 2.6.25.3
linux/linux_kernel 2.6.25.4
linux/linux_kernel 2.6.25.5
linux/linux_kernel 2.6.25.6
linux/linux_kernel 2.6.25.7
linux/linux_kernel 2.6.25.8
linux/linux_kernel 2.6.25.9
... and 3 more
Published Mar 06, 2009
Tracked Since Feb 18, 2026