CVE-2009-3888

Linux Kernel < 2.6.31.6 - Denial of Service via do_mmap_pgoff Memory Allocation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-3888. PoCs published by David Howells.

AI-analyzed exploit summary This code is a minimal stub that attempts to allocate a large static array, likely intended to trigger a stack overflow or memory exhaustion. It lacks functional exploit logic and does not demonstrate a working PoC for CVE-2009-3888.

Description

The do_mmap_pgoff function in mm/nommu.c in the Linux kernel before 2.6.31.6, when the CPU lacks a memory management unit, allows local users to cause a denial of service (OOPS) via an application that attempts to allocate a large amount of memory.

Exploits (1)

exploitdb STUB VERIFIED

by David Howells · cdoslinux

https://www.exploit-db.com/exploits/10017

View Code ZIP pw:eip

This code is a minimal stub that attempts to allocate a large static array, likely intended to trigger a stack overflow or memory exhaustion. It lacks functional exploit logic and does not demonstrate a working PoC for CVE-2009-3888.

Classification

Stub 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Theoretical

Target: Unspecified (likely Linux kernel or glibc due to CVE context)

No auth needed

Prerequisites: None

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2009/11/13/3

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2009/11/09/2

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/usn-864-1

Vendor Advisory x_refsource_confirm

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.6

Patch x_refsource_confirm

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=89a8640279f8bb78aaf778d1fc5c4a6778f18064

Scores

EPSS 0.0075

EPSS Percentile 50.0%

Details

CWE

CWE-399

Status published

Products (50)

linux/linux_kernel 2.6.0

linux/linux_kernel 2.6.1

linux/linux_kernel 2.6.2

linux/linux_kernel 2.6.3

linux/linux_kernel 2.6.4

linux/linux_kernel 2.6.5

linux/linux_kernel 2.6.6

linux/linux_kernel 2.6.7

linux/linux_kernel 2.6.8

linux/linux_kernel 2.6.8.1

... and 40 more

Published Nov 16, 2009

Tracked Since Feb 18, 2026