CVE-2009-2793

NetBSD <5.0.1 - Privilege Escalation

Title source: llm

Description

The kernel in NetBSD, probably 5.0.1 and earlier, on x86 platforms does not properly handle a pre-commit failure of the iret instruction, which might allow local users to gain privileges via vectors related to a tempEIP pseudocode variable that is outside of the code-segment limits.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Tavis Ormandy · clocalbsd

https://www.exploit-db.com/exploits/33229

View Code ZIP pw:eip

References (1)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/506531/100/0/threaded

Scores

EPSS 0.0024

EPSS Percentile 47.1%

Details

CWE

CWE-264

Status published

Products (30)

netbsd/netbsd 0.8

netbsd/netbsd 0.9

netbsd/netbsd 1.0

netbsd/netbsd 1.1

netbsd/netbsd 1.2

netbsd/netbsd 1.2.1

netbsd/netbsd 1.3

netbsd/netbsd 1.3.1

netbsd/netbsd 1.3.2

netbsd/netbsd 1.3.3

... and 20 more

Published Sep 18, 2009

Tracked Since Feb 18, 2026