Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-2692

CWE-908 — Use of Uninitialized Resource CWE-119 — Buffer Overflow CWE-456 CWE-476 — NULL Pointer Dereference14 documents7 sources

Severity

7.8HIGH

EPSS

17.6%

top 4.91%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Linux Linux Kernel Debian Debian Linux Redhat Enterprise Linux Desktop +5 more

Timeline

PublishedAug 14

Latest updateMay 2

Description

The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages5 packages

▶NVDlinux/linux_kernel2.4.4 — 2.4.37.5+1

▶NVDredhat/enterprise_linux_server4.0, 5.0+1

▶NVDredhat/enterprise_linux_desktop4.0, 5.0+1

▶NVDsuse/linux_enterprise_real_time10

▶NVDredhat/enterprise_linux_workstation4.0, 5.0+1

Also affects: Debian Linux 4.0, Enterprise Linux 4.8, 5.3

Patches

Patch: www.openwall.com ↗Patch: www.vupen.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-j86m-g62r-5g7r: The Linux kernel 2↗2022-05-02

▶

CVEList

CVE-2009-2692: The Linux kernel 2↗2009-08-14

▶

VulnCheck

Linux Kernel Use of Uninitialized Resource↗2009

▶

💥Exploits & PoCs

Exploit-DB

Linux Kernel 2.4.4 < 2.4.37.4 / 2.6.0 < 2.6.30.4 - 'Sendpage' Local Privilege Escalation (Metasploit)↗2012-07-19

▶

Exploit-DB

Linux Kernel 2.4/2.6 - 'sock_sendpage()' Local Privilege Escalation (3)↗2009-09-11

▶

Exploit-DB

Linux Kernel 2.4/2.6 (Fedora 11) - 'sock_sendpage()' Local Privilege Escalation (2)↗2009-09-09

▶

Exploit-DB

Linux Kernel 2.4.x/2.6.x (CentOS 4.8/5.3 / RHEL 4.8/5.3 / SuSE 10 SP2/11 / Ubuntu 8.10) (PPC) - 'sock_sendpage()' Local Privilege Escalation↗2009-08-31

▶

Exploit-DB

Linux Kernel 2.4/2.6 (RedHat Linux 9 / Fedora Core 4 < 11 / Whitebox 4 / CentOS 4) - 'sock_sendpage()' Ring0 Privilege Escalation (5)↗2009-08-24

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerability↗2009-08-19

▶

Red Hat

kernel: uninit op in SOCKOPS_WRAP() leads to privesc↗2009-08-13

▶