CVE-2009-2695

Linux kernel <2.6.31-rc7 - Privilege Escalation

Title source: llm
STIX 2.1

Description

The Linux kernel before 2.6.31-rc7 does not properly prevent mmap operations that target page zero and other low memory addresses, which allows local users to gain privileges by exploiting NULL pointer dereference vulnerabilities, related to (1) the default configuration of the allow_unconfined_mmap_low boolean in SELinux on Red Hat Enterprise Linux (RHEL) 5, (2) an error that causes allow_unconfined_mmap_low to be ignored in the unconfined_t domain, (3) lack of a requirement for the CAP_SYS_RAWIO capability for these mmap operations, and (4) interaction between the mmap_min_addr protection mechanism and certain application programs.

References (37)

Core 37
Core References
Vendor Advisory vendor-advisory x_refsource_redhat
https://rhn.redhat.com/errata/RHSA-2009-1540.html
Vendor Advisory vendor-advisory x_refsource_redhat
https://rhn.redhat.com/errata/RHSA-2009-1548.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-1672.html
Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/36051
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=517830
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-852-1
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/38794
Various Sources mailing-list x_refsource_mlist
http://lists.vmware.com/pipermail/security-announce/2010/000082.html
Various Sources x_refsource_confirm
http://patchwork.kernel.org/patch/36540/
Various Sources x_refsource_confirm
http://patchwork.kernel.org/patch/36539/
Various Sources x_refsource_confirm
http://kbase.redhat.com/faq/docs/DOC-18042
Various Sources x_refsource_confirm
http://eparis.livejournal.com/606.html
Various Sources x_refsource_misc
http://twitter.com/spendergrsec/statuses/3303390960
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=511143
Patch x_refsource_confirm
http://patchwork.kernel.org/patch/36649/
Various Sources x_refsource_confirm
http://thread.gmane.org/gmane.linux.kernel.lsm/9075
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/38834
Exploit x_refsource_confirm
http://danwalsh.livejournal.com/30084.html
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9882
Various Sources x_refsource_confirm
http://patchwork.kernel.org/patch/36650/
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2009/08/17/4
Third Party Advisory, VDB Entry vdb-entry signature x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7144
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/36501
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2010/dsa-2005
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37105
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2010/0528

Scores

EPSS 0.0051
EPSS Percentile 40.1%

Details

CWE
CWE-119
Status published
Products (50)
linux/linux_kernel 2.6.0
linux/linux_kernel 2.6.1
linux/linux_kernel 2.6.2
linux/linux_kernel 2.6.3
linux/linux_kernel 2.6.4
linux/linux_kernel 2.6.5
linux/linux_kernel 2.6.6
linux/linux_kernel 2.6.7
linux/linux_kernel 2.6.8
linux/linux_kernel 2.6.8.1
... and 40 more
Published Aug 28, 2009
Tracked Since Feb 18, 2026