CVE-2009-0835
Published 2009-03-06
Priority: P4 · 16 · low
CVSS 2.0: 3.6 (AV:L/AC:L/Au:N/C:P/I:P/A:N)
EPSS: 0.93% (56.0th percentile)
The __secure_computing function in kernel/seccomp.c in the seccomp subsystem in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform, when CONFIG_SECCOMP is enabled, does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass intended access restrictions via crafted syscalls that are misinterpreted as (a) stat or (b) chmod, a related issue to CVE-2009-0342 and CVE-2009-0343.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | — | — |
CVSS provenance
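| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 3.6 | LOW | AV:L/AC:L/Au:N/C:P/I:P/A:N |
| vendor_redhat | — | 7.2 | HIGH | — |
| vendor_ubuntu | — | 4.0 | MEDIUM | — |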
GHSA
GHSA-x75x-89gj-wfcm: The __secure_computing function in kernel/seccomp
ghsa_unreviewed·2022-05-02·CVSS 7.2
CVE-2009-0835 [HIGH] GHSA-x75x-89gj-wfcm: The __secure_computing function in kernel/seccomp
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2009-04-07·CVSS 4.0
CVE-2009-0029 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Linux kernel vulnerabilities
NFS did not correctly handle races between fcntl and interrupts. A local
attacker on an NFS mount could consume unlimited kernel memory, leading to
a denial of service. (CVE-2008-4307)
Sparc syscalls did not correctly check mmap regions. A local attacker could
cause a system panic, leading to a denial of service. (CVE-2008-6107)
In certain situations, cloned processes were able to send signals to parent
processes, crossing privilege boundaries. A local attacker could send
arbitrary signals to parent processes, leading to a denial of service.
(CVE-2009-0028)
The 64-bit syscall interfaces did not correctly handle sign extension. A
local attacker could make malicious syscalls, possibly gaining root
privileges. The
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2009-04-06·CVSS 4.0
CVE-2008-4307 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Linux kernel vulnerabilities
NFS did not correctly handle races between fcntl and interrupts. A local
attacker on an NFS mount could consume unlimited kernel memory, leading to
a denial of service. Ubuntu 8.10 was not affected. (CVE-2008-4307)
Sparc syscalls did not correctly check mmap regions. A local attacker
could cause a system panic, leading to a denial of service. Ubuntu 8.10
was not affected. (CVE-2008-6107)
In certain situations, cloned processes were able to send signals to parent
processes, crossing privilege boundaries. A local attacker could send
arbitrary signals to parent processes, leading to a denial of service.
(CVE-2009-0028)
The kernel keyring did not free memory correctly. A local attacker could
consume unlimited kernel
Red Hat
kernel: x86-64: seccomp: 32/64 syscall hole
vendor_redhat·2009-02-25·CVSS 7.2
CVE-2009-0835 [HIGH] kernel: x86-64: seccomp: 32/64 syscall hole
Statement: This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5.
No detection rules found.
References
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00007.html
http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.html
http://lkml.org/lkml/2009/2/28/23
http://marc.info/?l=linux-kernel&m=123579056530191&w=2
http://marc.info/?l=linux-kernel&m=123579069630311&w=2
http://marc.info/?l=oss-security&m=123597627132485&w=2
http://scary.beasts.org/security/CESA-2009-001.html
http://scary.beasts.org/security/CESA-2009-004.html
http://scarybeastsecurity.blogspot.com/2009/02/linux-kernel-minor-seccomp.html
http://secunia.com/advisories/34084
http://secunia.com/advisories/34786
http://secunia.com/advisories/34917
http://secunia.com/advisories/35121
http://secunia.com/advisories/35185
http://secunia.com/advisories/35390
http://secunia.com/advisories/35394
http://www.debian.org/security/2009/dsa-1800
http://www.mandriva.com/security/advisories?name=MDVSA-2009:118
http://www.redhat.com/support/errata/RHSA-2009-0451.html
http://www.securityfocus.com/bid/33948
http://www.ubuntu.com/usn/usn-751-1
https://bugzilla.redhat.com/show_bug.cgi?id=487255