Vulnerability Details : CVE-2009-1883
The z90crypt_unlocked_ioctl function in the z90crypt driver in the Linux kernel 2.6.9 does not perform a capability check for the Z90QUIESCE operation, which allows local users to leverage euid 0 privileges to force a driver outage.
Exploit prediction scoring system (EPSS) score for CVE-2009-1883
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 %
CVSS scores for CVE-2009-1883
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
---|---|---|---|---|---|
4.4 | MEDIUM | AV:L/AC:M/Au:N/C:P/I:P/A:P | 3.4 | 6.4 | nvd@nist.gov |
CWE ids for CVE-2009-1883
-
Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2009-1883
- Red Hat, 2009-09-22: This issue did not affect kernel packages as shipped in Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 1. It was addressed in Red Hat Enterprise Linux 4 via https://rhn.redhat.com/errata/RHSA-2009-1438.html . This issue has been rated as having moderate security impact. It is not planned to be fixed in Red Hat Enterprise Linux 3, due to this product being in Production 3 of its maintenance life-cycle, where only qualified security errata of important or critical impact are addressed. For further information about Errata Support Policy, visit: http://www.redhat.com/security/updates/errata/
- http://www.redhat.com/support/errata/RHSA-2009-1438.html
  Vendor Advisory
- http://www.openwall.com/lists/oss-security/2009/09/15/3
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9513
- http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html
  [security-announce] SUSE Security Announcement: Linux kernel (SUSE-SA:20
- https://bugzilla.redhat.com/show_bug.cgi?id=505983
  Vendor Advisory
- http://www.ubuntu.com/usn/USN-852-1
- http://www.openwall.com/lists/oss-security/2009/09/15/1
- cpe:2.3:o:linux:linux_kernel:2.6.9:*:*:*:*:*:*:*