CVE-2009-2857

CWE-6673 documents3 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 70.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Oracle Opensolaris Oracle Solaris

Timeline

PublishedAug 19

Latest updateMay 2

Description

The kernel in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_103, does not properly handle interaction between the filesystem and virtual-memory implementations, which allows local users to cause a denial of service (deadlock and system halt) via vectors involving mmap and write operations on the same file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

▶NVDoracle/opensolaris< snv_103

▶NVDoracle/solaris10, 8, 9+2

Patches

Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗Patch: sunsolve.sun.com ↗

🔴Vulnerability Details

GHSA

GHSA-4r97-p529-3c59: The kernel in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_103, does not properly handle interaction between the filesystem and virtual-memory↗2022-05-02

▶

CVEList

CVE-2009-2857: The kernel in Sun Solaris 8, 9, and 10, and OpenSolaris before snv_103, does not properly handle interaction between the filesystem and virtual-memory↗2009-08-19

▶