CVE-2009-4067

MEDIUM

Auerswald Linux USB <2.6.27 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-4067. PoCs published by R. Dominguez Veg.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in the Auerswald USB Device Driver for the Linux kernel. It demonstrates the potential to execute arbitrary code with superuser privileges by overflowing a buffer with a long string in the serial number field.

Description

Buffer overflow in the auerswald_probe function in the Auerswald Linux USB driver for the Linux kernel before 2.6.27 allows physically proximate attackers to execute arbitrary code, cause a denial of service via a crafted USB device, or take full control of the system.

Exploits (1)

exploitdb WORKING POC VERIFIED
by R. Dominguez Veg · textdoslinux
https://www.exploit-db.com/exploits/35957

This exploit targets a buffer overflow vulnerability in the Auerswald USB Device Driver for the Linux kernel. It demonstrates the potential to execute arbitrary code with superuser privileges by overflowing a buffer with a long string in the serial number field.

Classification
Working Poc 80%
Attack Type
Lpe
Complexity
Moderate
Reliability
Theoretical
Target: Linux kernel 2.6.26 (Auerswald USB Device Driver)
No auth needed
Prerequisites: Access to the system with the vulnerable driver loaded
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Exploit, Technical Description, Third Party Advisory x_refsource_misc
http://labs.mwrinfosecurity.com/files/Advisories/mwri_linux-usb-buffer-overflow_2009-10-29.pdf
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=722393

Scores

CVSS v3 6.8
EPSS 0.0206
EPSS Percentile 79.0%
Attack Vector PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-120
Status published
Products (2)
linux/linux_kernel < 2.6.27
redhat/enterprise_linux 4.0
Published Feb 11, 2020
Tracked Since Feb 18, 2026