Vulnerability Details : CVE-2009-0859
The shm_get_stat function in ipc/shm.c in the shm subsystem in the Linux kernel before 2.6.28.5, when CONFIG_SHMEM is disabled, misinterprets the data type of an inode, which allows local users to cause a denial of service (system hang) via an SHM_INFO shmctl call, as demonstrated by running the ipcs program.
Vulnerability category: Input validation, Denial of service
Products affected by CVE-2009-0859
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-0859
- 0.04%: Probability of exploitation activity in the next 30 days
- ~ 8 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-0859
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.7 | MEDIUM | AV:L/AC:M/Au:N/C:N/I:N/A:C | 3.4 | 6.9 | NIST | |
CWE ids for CVE-2009-0859
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2009-0859
- Red Hat, 2009-03-10: Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, 5, or Red Hat Enterprise MRG.
References for CVE-2009-0859
- http://www.securityfocus.com/bid/34020
- http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html
  [security-announce] SUSE Security Announcement: Linux kernel (SUSE-SA:2009:030) - openSUSE Security Announce - openSUSE Mailing Lists
- http://marc.info/?l=linux-kernel&m=120428209704324&w=2
- http://openwall.com/lists/oss-security/2009/03/06/1
- http://marc.info/?l=linux-kernel&m=123309645625549&w=2
- http://marc.info/?l=git-commits-head&m=123387479500599&w=2
- http://www.debian.org/security/2009/dsa-1800
- http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html
  [security-announce] SUSE Security Announcement: Linux kernel (SUSE-SA:2009:031) - openSUSE Security Announce - openSUSE Mailing Lists
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49229
- http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.5
- http://patchwork.kernel.org/patch/6554/
- http://www.ubuntu.com/usn/usn-751-1
  USN-751-1: Linux kernel vulnerabilities | Ubuntu security notices | Ubuntu
- http://www.debian.org/security/2009/dsa-1787
  [SECURITY] [DSA 1787-1] New quagga packages fix denial of service
- http://www.debian.org/security/2009/dsa-1794
- http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00002.html
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a68e61e8ff2d46327a37b69056998b47745db6fa