CVE-2009-3001

Linux Kernel < 2.6.31 - Uninitialized Memory Exposure via llc_ui_getname

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-3001. PoCs published by Jon Oberheide.

AI-analyzed exploit summary This exploit demonstrates a 5-byte kernel stack information leak via AF_LLC getsockname() in Linux Kernel <= 2.6.31-rc7. It creates an AF_LLC socket, binds it, and repeatedly calls getsockname() to disclose uninitialized stack memory.

Description

The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel 2.6.31-rc7 and earlier does not initialize a certain data structure, which allows local users to read the contents of some kernel memory locations by calling getsockname on an AF_LLC socket.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Jon Oberheide · clocallinux
https://www.exploit-db.com/exploits/9513

This exploit demonstrates a 5-byte kernel stack information leak via AF_LLC getsockname() in Linux Kernel <= 2.6.31-rc7. It creates an AF_LLC socket, binds it, and repeatedly calls getsockname() to disclose uninitialized stack memory.

Classification
Working Poc 100%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Linux Kernel <= 2.6.31-rc7
No auth needed
Prerequisites: Linux system with kernel <= 2.6.31-rc7 · CAP_NET_RAW capability (or kernel <= 2.6.24.4)
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (9)

Core 9
Core References
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2009/08/26/1
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-852-1
Exploit, Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=519305
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/9513
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/52732
Exploit, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/36126
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/37105

Scores

EPSS 0.0102
EPSS Percentile 58.8%

Details

CWE
CWE-200
Status published
Products (6)
canonical/ubuntu_linux 6.06
canonical/ubuntu_linux 8.04
canonical/ubuntu_linux 8.10
canonical/ubuntu_linux 9.04
linux/linux_kernel 2.6.31 (7 CPE variants)
linux/linux_kernel < 2.6.31
Published Aug 28, 2009
Tracked Since Feb 18, 2026