CVE-2009-2848
Linux Kernel < 2.6.29.5 - Privilege Escalation via Improper clear_child_tid Handling
Title source: llmDescription
The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit.
References (26)
Core 26
Core References
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/512019/100/0/threaded
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/37471
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-852-1
Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2009-1243.html
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36759
Third Party Advisory x_refsource_confirm
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/37351
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
Third Party Advisory vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9766
Third Party Advisory vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11412
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/507985/100/0/threaded
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36562
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01256.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/52899
Broken Link mailing-list
x_refsource_mlist
http://article.gmane.org/gmane.linux.kernel/871942
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35983
Third Party Advisory vendor-advisory
x_refsource_redhat
https://rhn.redhat.com/errata/RHSA-2009-1550.html
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36501
Third Party Advisory vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8598
Exploit, Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2009/08/04/2
Exploit, Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2009/08/05/10
Broken Link vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2009-1438.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html
Broken Link vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/3316
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/37105
Scores
EPSS
0.0008
EPSS Percentile
23.5%
Details
CWE
CWE-269
Status
published
Products (20)
canonical/ubuntu_linux
6.06
canonical/ubuntu_linux
8.04
canonical/ubuntu_linux
8.10
canonical/ubuntu_linux
9.04
fedoraproject/fedora
11
linux/linux_kernel
2.6.30 (7 CPE variants)
linux/linux_kernel
< 2.6.29.5
novell/linux_desktop
9
opensuse/opensuse
11.0
redhat/enterprise_linux_desktop
3.0
... and 10 more
Published
Aug 18, 2009
Tracked Since
Feb 18, 2026