CVE-2009-2903 — Missing Release of Resource after Effective Lifetime in Kernel

CWE-772 — Missing Release of Resource after Effective Lifetime6 documents6 sources

Severity

7.1HIGHNVD

EPSS

3.8%

top 11.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Canonical Ubuntu Linux Suse Linux Enterprise Debuginfo +3 more

Timeline

PublishedSep 15

Latest updateMay 2

Description

Memory leak in the appletalk subsystem in the Linux kernel 2.4.x through 2.4.37.6 and 2.6.x through 2.6.31, when the appletalk and ipddp modules are loaded but the ipddp"N" device is not found, allows remote attackers to cause a denial of service (memory consumption) via IP-DDP datagrams.

CVSS vector

AV:N/AC:M/C:N/I:N/A:CExploitability: 8.6 | Impact: 6.9

Affected Packages5 packages

▶NVDlinux/linux_kernel2.4.0 — 2.4.37.6+1

▶NVDsuse/linux_enterprise_server10, 9+1

▶NVDsuse/linux_enterprise_desktop10

▶NVDsuse/linux_enterprise_debuginfo10

▶NVDsuse/linux_enterprise_software_development_kit10

Also affects: Ubuntu Linux 6.06, 8.04, 8.10, 9.04

🔴Vulnerability Details

GHSA

GHSA-q9qh-2r93-gfjh: Memory leak in the appletalk subsystem in the Linux kernel 2↗2022-05-02

▶

CVEList

CVE-2009-2903: Memory leak in the appletalk subsystem in the Linux kernel 2↗2009-09-15

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2009-10-22

▶

Red Hat

kernel: appletalk: denial of service when handling IP tunnelled over DDP datagrams↗2009-09-11

▶

💬Community

Bugzilla

CVE-2009-2903 kernel: appletalk: denial of service when handling IP tunnelled over DDP datagrams↗2009-09-10

▶