CVE-2009-1041
Published 2009-03-26
CVE-2009-1041: The ktimer feature (sys/kern/kern_time.c) in FreeBSD 7.0, 7.1, and 7.2 allows local users to overwrite arbitrary kernel memory via an out-of-bounds timer value.
Priority P432 · high · 7.2 (CVSS 2.0)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 0.78% (51.3th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
| freebsd | freebsd | — | — |
GHSA
GHSA-vpxw-jphr-pjhp: The ktimer feature (sys/kern/kern_time
ghsa_unreviewed·2022-05-02
CVE-2009-1041 [HIGH] CWE-119 GHSA-vpxw-jphr-pjhp: The ktimer feature (sys/kern/kern_time
The ktimer feature (sys/kern/kern_time.c) in FreeBSD 7.0, 7.1, and 7.2 allows local users to overwrite arbitrary kernel memory via an out-of-bounds timer value.
BSD
FreeBSD-SA-09:06.ktimer: Local privilege escalation
bsd_advisories·2009-03-23·CVSS 7.2
CVE-2009-1041 [HIGH] FreeBSD-SA-09:06.ktimer: Local privilege escalation
FreeBSD-SA-09:06.ktimer Security Advisory
The FreeBSD Project
Topic: Local privilege escalation
Category: core
Module: kern
Announced: 2009-03-23
Affects: FreeBSD 7.x
Corrected: 2009-03-23 00:00:50 UTC (RELENG_7, 7.2-PRERELEASE)
           2009-03-23 00:00:50 UTC (RELENG_7_1, 7.1-RELEASE-p4)
           2009-03-23 00:00:50 UTC (RELENG_7_0, 7.0-RELEASE-p11)
CVE Name: CVE-2009-1041
For general information regarding FreeBSD Security Advisories,
including descriptions of the fields above, security branches, and the
following sections, please visit .
I. Background
In FreeBSD 7.0, support was introduced for per-process timers as defined
in the POSIX realtime extensions. This allows a process to have a limited
number of timers running at once, with various actions taken when each
timer reaches zero.
II. Problem D
No detection rules found.
No writeups or analysis indexed.
http://security.freebsd.org/advisories/FreeBSD-SA-09:06.ktimer.asc
http://www.securityfocus.com/bid/34196
http://www.securitytracker.com/id?1021882
https://exchange.xforce.ibmcloud.com/vulnerabilities/49362
https://www.exploit-db.com/exploits/8261