Vulnerability Details : CVE-2009-3725
The connector layer in the Linux kernel before 2.6.31.5 does not require the CAP_SYS_ADMIN capability for certain interaction with the (1) uvesafb, (2) pohmelfs, (3) dst, or (4) dm subsystem, which allows local users to bypass intended access restrictions and gain privileges via calls to functions in these subsystems.
Exploit prediction scoring system (EPSS) score for CVE-2009-3725
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 8 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2009-3725
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST |
CWE ids for CVE-2009-3725
-
Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2009-3725
-
Red Hat 2009-11-09Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 or Red Hat Enterprise MRG, as they do not include the upstream change introducing this flaw.
-
http://www.ubuntu.com/usn/usn-864-1
USN-864-1: Linux kernel vulnerabilities | Ubuntu security notices | UbuntuThird Party Advisory
-
http://xorl.wordpress.com/2009/10/31/linux-kernel-multiple-capabilities-missing-checks/
Exploit;Third Party Advisory
-
http://patchwork.kernel.org/patch/51382/
Patch;Vendor Advisory
-
http://patchwork.kernel.org/patch/51383/
Patch;Vendor Advisory
-
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.5
Vendor Advisory
-
http://patchwork.kernel.org/patch/51384/
Patch;Vendor Advisory
-
http://marc.info/?l=oss-security&m=125715484511380&w=2
Mailing List;Third Party Advisory
-
http://patchwork.kernel.org/patch/51387/
Patch;Vendor Advisory
-
http://www.securityfocus.com/bid/36834
Patch;Third Party Advisory
-
http://marc.info/?l=oss-security&m=125716192622235&w=2
Mailing List;Third Party Advisory
-
http://marc.info/?l=linux-kernel&m=125449888416314&w=2
Mailing List;Third Party Advisory
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*