CVE-2009-0029

high

Description

The ABI in the Linux kernel 2.6.28 and earlier on s390, powerpc, sparc64, and mips 64-bit platforms requires that a 32-bit argument in a 64-bit register be properly sign-extended when sent from a user-mode application, but cannot verify this, which allows local users to cause a denial of service (crash) or possibly gain privileges via a crafted system call.

References

http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00003.html

http://marc.info/?l=linux-kernel&m=123155111608910&w=2

http://secunia.com/advisories/33477

http://secunia.com/advisories/33674

http://secunia.com/advisories/34394

http://secunia.com/advisories/34981

http://secunia.com/advisories/35011

http://www.debian.org/security/2009/dsa-1749

http://www.debian.org/security/2009/dsa-1787

http://www.debian.org/security/2009/dsa-1794

http://www.mandriva.com/security/advisories?name=MDVSA-2009:135

http://www.securityfocus.com/bid/33275

https://bugzilla.redhat.com/show_bug.cgi?id=479969

https://www.redhat.com/archives/fedora-package-announce/2009-January/msg01045.html

Details

Source: MITRE

Published: 2009-01-15

Updated: 2018-11-08

Type: CWE-20

Risk Information

CVSS v2

Base Score: 7.2

Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Impact Score: 10

Exploitability Score: 3.9

Severity: HIGH

Tenable Plugins

| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 79484 | OracleVM 3.1 : kernel-uek (OVMSA-2012-0042) | Nessus | OracleVM Local Security Checks | high |
| 40248 | openSUSE Security Update : kernel (kernel-559) | Nessus | SuSE Local Security Checks | high |
| 39444 | Mandriva Linux Security Advisory : kernel (MDVSA-2009:135) | Nessus | Mandriva Local Security Checks | high |
| 38722 | Debian DSA-1794-1 : linux-2.6 - denial of service/privilege escalation/information leak | Nessus | Debian Local Security Checks | critical |
| 38668 | Debian DSA-1787-1 : linux-2.6.24 - denial of service/privilege escalation/information leak | Nessus | Debian Local Security Checks | critical |
| 38129 | Fedora 10 : kernel-2.6.27.12-170.2.5.fc10 (2009-0923) | Nessus | Fedora Local Security Checks | critical |
| 36418 | Ubuntu 6.06 LTS : linux-source-2.6.15 vulnerabilities (USN-752-1) | Nessus | Ubuntu Local Security Checks | critical |
| 35987 | Debian DSA-1749-1 : linux-2.6 - denial of service/privilege escalation/sensitive memory leak | Nessus | Debian Local Security Checks | critical |
| 35464 | Fedora 9 : kernel-2.6.27.12-78.2.8.fc9 (2009-0816) | Nessus | Fedora Local Security Checks | critical |