CVE-2009-2698

HIGH EXPLOITED

Linux Kernel <2.6.19 - Privilege Escalation

Title source: llm

Description

The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.

Exploits (4)

nomisec WORKING POC 28 stars
by xiaoxiaoleo · poc
https://github.com/xiaoxiaoleo/CVE-2009-2698

exploitdb WORKING POC VERIFIED
by spender · text · local · linux
https://www.exploit-db.com/exploits/9574

exploitdb WORKING POC VERIFIED
by Andi · c · local · linux
https://www.exploit-db.com/exploits/9575

exploitdb WORKING POC VERIFIED
by INetCop Security · c · local · linux_x86
https://www.exploit-db.com/exploits/9542

References (26)

... and 6 more

Scores

CVSS v3 7.8
EPSS 0.2843
EPSS Percentile 96.4%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitation Intel

VulnCheck KEV 2026-02-09

Classification

CWE
CWE-476
Status draft

Affected Products (20)

linux/linux_kernel < 2.6.19
canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
suse/linux_enterprise_desktop
suse/linux_enterprise_server
suse/linux_enterprise_server
fedoraproject/fedora
redhat/enterprise_linux_desktop
redhat/enterprise_linux_desktop
redhat/enterprise_linux_eus
redhat/enterprise_linux_eus
redhat/enterprise_linux_server
redhat/enterprise_linux_server
... and 5 more

Timeline

Published Aug 27, 2009
Tracked Since Feb 18, 2026