Vulnerability Details : CVE-2009-1883
The z90crypt_unlocked_ioctl function in the z90crypt driver in the Linux kernel 2.6.9 does not perform a capability check for the Z90QUIESCE operation, which allows local users to leverage euid 0 privileges to force a driver outage.
Products affected by CVE-2009-1883
- cpe:2.3:o:linux:linux_kernel:2.6.9:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2009-1883
- 0.04%: Probability of exploitation activity in the next 30 days
- ~6%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-1883
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.4 | MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:P | 3.4 | 6.4 | NIST | |
CWE ids for CVE-2009-1883
-
Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2009-1883
- Red Hat 2009-09-22: This issue did not affect kernel packages as shipped in Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 1. It was addressed in Red Hat Enterprise Linux 4 via https://rhn.redhat.com/errata/RHSA-2009-1438.html. This issue has been rated as having moderate security impact. It is not planned to be fixed in Red Hat Enterprise Linux 3, due to this product being in Production 3 of its maintenance life-cycle, where only qualified security errata of important or critical impact are addressed. For further information about Errata Support Policy, visit: http://www.redhat.com/security/updates/errata/
References for CVE-2009-1883
- http://www.redhat.com/support/errata/RHSA-2009-1438.html
  SupportVendor Advisory
- http://www.openwall.com/lists/oss-security/2009/09/15/3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9513
- http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html
  [security-announce] SUSE Security Announcement: Linux kernel (SUSE-SA:20
- https://bugzilla.redhat.com/show_bug.cgi?id=505983
  Vendor Advisory
- http://www.ubuntu.com/usn/USN-852-1
  USN-852-1: Linux kernel vulnerabilities | Ubuntu security notices | Ubuntu
- http://www.openwall.com/lists/oss-security/2009/09/15/1