CVE-2009-1894
PulseAudio <0.9.14 - Privilege Escalation
Title source: llmDescription
Race condition in PulseAudio 0.9.9, 0.9.10, and 0.9.14 allows local users to gain privileges via vectors involving creation of a hard link, related to the application setting LD_BIND_NOW to 1, and then calling execv on the target of the /proc/self/exe symlink.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by anonymous · bashlocallinux
https://www.exploit-db.com/exploits/9207
exploitdb
WORKING POC
VERIFIED
by anonymous · textlocallinux
https://www.exploit-db.com/exploits/9208
References (16)
Scores
EPSS
0.0010
EPSS Percentile
27.7%
Details
CWE
CWE-362
Status
published
Products (3)
pulseaudio/pulseaudio
0.9.9
pulseaudio/pulseaudio
0.9.10
pulseaudio/pulseaudio
0.9.14
Published
Jul 17, 2009
Tracked Since
Feb 18, 2026