CVE-2009-2692

7.8 HIGH

Published: August 14, 2009 Modified: April 23, 2026

Description

The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html

Source: cve@mitre.org

Broken Link Exploit

http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html

Source: cve@mitre.org

Exploit Issue Tracking

http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git%3Ba=commit%3Bh=c18d0fe535a73b219f960d1af3d0c264555a12e3

Source: cve@mitre.org

Broken Link

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e694958388c50148389b0e9b9e9e8945cf0f1b98

Source: cve@mitre.org

Broken Link

http://grsecurity.net/~spender/wunderbar_emporium.tgz

Source: cve@mitre.org

Broken Link

http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html

Source: cve@mitre.org

Mailing List

http://rhn.redhat.com/errata/RHSA-2009-1222.html

Source: cve@mitre.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2009-1223.html

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/36278

Source: cve@mitre.org

Broken Link Vendor Advisory

http://secunia.com/advisories/36289

Source: cve@mitre.org

Broken Link Vendor Advisory

http://secunia.com/advisories/36327

Source: cve@mitre.org

Broken Link Vendor Advisory

http://secunia.com/advisories/36430

Source: cve@mitre.org

Broken Link Vendor Advisory

http://secunia.com/advisories/37298

Source: cve@mitre.org

Broken Link Vendor Advisory

http://secunia.com/advisories/37471

Source: cve@mitre.org

Broken Link Vendor Advisory

http://support.avaya.com/css/P8/documents/100067254

Source: cve@mitre.org

Third Party Advisory

http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0121

Source: cve@mitre.org

Broken Link

http://www.debian.org/security/2009/dsa-1865

Source: cve@mitre.org

Mailing List Third Party Advisory

http://www.exploit-db.com/exploits/19933

Source: cve@mitre.org

Exploit Third Party Advisory VDB Entry

http://www.exploit-db.com/exploits/9477

Source: cve@mitre.org

Third Party Advisory VDB Entry

http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.5

Source: cve@mitre.org

Broken Link Vendor Advisory

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5

Source: cve@mitre.org

Broken Link Vendor Advisory

http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc6

Source: cve@mitre.org

Broken Link Vendor Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2009:233

Source: cve@mitre.org

Broken Link

http://www.openwall.com/lists/oss-security/2009/08/14/1

Source: cve@mitre.org

Mailing List Patch

http://www.redhat.com/support/errata/RHSA-2009-1233.html

Source: cve@mitre.org

Broken Link

http://www.securityfocus.com/archive/1/505751/100/0/threaded

Source: cve@mitre.org

Broken Link Third Party Advisory VDB Entry

http://www.securityfocus.com/archive/1/505912/100/0/threaded

Source: cve@mitre.org

Broken Link Third Party Advisory VDB Entry

http://www.securityfocus.com/archive/1/507985/100/0/threaded

Source: cve@mitre.org

Broken Link Third Party Advisory VDB Entry

http://www.securityfocus.com/archive/1/512019/100/0/threaded

Source: cve@mitre.org

Broken Link Third Party Advisory VDB Entry

http://www.securityfocus.com/bid/36038

Source: cve@mitre.org

Broken Link Exploit Third Party Advisory VDB Entry

http://www.vmware.com/security/advisories/VMSA-2009-0016.html

Source: cve@mitre.org

Third Party Advisory

http://www.vupen.com/english/advisories/2009/2272

Source: cve@mitre.org

Broken Link Patch Vendor Advisory

http://www.vupen.com/english/advisories/2009/3316

Source: cve@mitre.org

Broken Link Vendor Advisory

http://zenthought.org/content/file/android-root-2009-08-16-source

Source: cve@mitre.org

Broken Link

https://bugzilla.redhat.com/show_bug.cgi?id=516949

Source: cve@mitre.org

Issue Tracking Patch

https://issues.rpath.com/browse/RPL-3103

Source: cve@mitre.org

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11526

Source: cve@mitre.org

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11591

Source: cve@mitre.org

Broken Link

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8657

Source: cve@mitre.org

Broken Link

http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html