Vulnerability Details : CVE-2009-2768
The load_flat_shared_library function in fs/binfmt_flat.c in the flat subsystem in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by executing a shared flat binary, which triggers an access of an "uninitialized cred pointer."
Vulnerability category: Memory CorruptionDenial of service
Products affected by CVE-2009-2768
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.31:rc5:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.31:rc1:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.31:rc2:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.31:rc4:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:2.6.31:rc3:*:*:*:*:*:*
Threat overview for CVE-2009-2768
Top countries where our scanners detected CVE-2009-2768
Top open port discovered on systems with this issue
52869
IPs affected by CVE-2009-2768 14,568
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2009-2768!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2009-2768
0.09%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 22 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-2768
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.2
|
HIGH | AV:L/AC:L/Au:N/C:C/I:C/A:C |
3.9
|
10.0
|
NIST | |
|
7.8
|
HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
1.8
|
5.9
|
NIST |
CWE ids for CVE-2009-2768
-
The product dereferences a pointer that it expects to be valid but is NULL.Assigned by: nvd@nist.gov (Primary)
-
The product accesses or uses a pointer that has not been initialized.Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2009-2768
-
Red Hat 2009-08-18Not vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 or Red Hat Enterprise MRG. Red Hat does not provide support for flat binary support, and additionally this issue only affected kernels version 2.6.29-rc1 and later.
References for CVE-2009-2768
-
http://www.mandriva.com/security/advisories?name=MDVSA-2011:051
mandriva.comBroken Link
-
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3440625d78711bee41a84cf29c3d8c579b522666
Broken Link
-
http://www.securityfocus.com/bid/36037
Broken Link;Third Party Advisory;VDB Entry
-
http://www.openwall.com/lists/oss-security/2009/08/13/1
oss-security - CVE request: kernel: flat: fix uninitialized ptr with shared libsMailing List;Patch;Third Party Advisory
-
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3440625d78711bee41a84cf29c3d8c579b522666
Mailing List;Patch;Vendor Advisory
-
http://secunia.com/advisories/36278
About Secunia Research | FlexeraBroken Link
-
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5
404: File not foundBroken Link
-
http://thread.gmane.org/gmane.linux.hardware.blackfin.kernel.devel/1905
Broken Link
-
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc6
404: File not foundBroken Link
-
http://lkml.org/lkml/2009/6/22/91
LKML: Bernd Schmidt: Fix for shared flat binary format in 2.6.30Mailing List;Patch;Third Party Advisory
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/52909
Linux Kernel load_flat_shared_library denial of service CVE-2009-2768 Vulnerability ReportThird Party Advisory;VDB Entry
Jump to