CVE-2009-3888
published 2009-11-16CVE-2009-3888: The do_mmap_pgoff function in mm/nommu.c in the Linux kernel before 2.6.31.6, when the CPU lacks a memory management unit, allows local users to cause a denial…
PriorityP417medium4.9CVSS 2.0
AVLACLAuNCNINAC
EXPLOIT
EPSS
0.75%
50.3th percentile
The do_mmap_pgoff function in mm/nommu.c in the Linux kernel before 2.6.31.6, when the CPU lacks a memory management unit, allows local users to cause a denial of service (OOPS) via an application that attempts to allocate a large amount of memory.
Affected
321 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| linux | linux_kernel | <= 2.6.31.5 | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
| linux | linux_kernel | — | — |
CVSS provenance
nvdv2.04.9MEDIUMAV:L/AC:L/Au:N/C:N/I:N/A:C
vendor_redhat4.9MEDIUM
vendor_ubuntu4.9MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Ubuntu
Linux kernel vulnerabilities
vendor_ubuntu·2009-12-05·CVSS 4.9
CVE-2009-3726 [MEDIUM] Linux kernel vulnerabilities
Title: Linux kernel vulnerabilities
Summary: Linux kernel vulnerabilities
It was discovered that the AX.25 network subsystem did not correctly
check integer signedness in certain setsockopt calls. A local attacker
could exploit this to crash the system, leading to a denial of service.
Ubuntu 9.10 was not affected. (CVE-2009-2909)
Jan Beulich discovered that the kernel could leak register contents to
32-bit processes that were switched to 64-bit mode. A local attacker
could run a specially crafted binary to read register values from an
earlier process, leading to a loss of privacy. (CVE-2009-2910)
Dave Jones discovered that the gdth SCSI driver did not correctly validate
array indexes in certain ioctl calls. A local attacker could exploit
this to crash the system or gain elevated privil
Red Hat
CVE-2009-3888: The do_mmap_pgoff function in mm/nommu
vendor_redhat·CVSS 4.9
CVE-2009-3888 [MEDIUM] CVE-2009-3888: The do_mmap_pgoff function in mm/nommu
The do_mmap_pgoff function in mm/nommu.c in the Linux kernel before 2.6.31.6, when the CPU lacks a memory management unit, allows local users to cause a denial of service (OOPS) via an application that attempts to allocate a large amount of memory.
Statement: Not vulnerable. The Linux kernels as shipped with Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG did not have MMU disabled, and therefore are not affected by this issue.
GHSA
GHSA-fxfp-pf9r-cm69: The do_mmap_pgoff function in mm/nommu
ghsa_unreviewed·2022-05-02
CVE-2009-3888 [MEDIUM] GHSA-fxfp-pf9r-cm69: The do_mmap_pgoff function in mm/nommu
The do_mmap_pgoff function in mm/nommu.c in the Linux kernel before 2.6.31.6, when the CPU lacks a memory management unit, allows local users to cause a denial of service (OOPS) via an application that attempts to allocate a large amount of memory.
No detection rules found.
No writeups or analysis indexed.
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=89a8640279f8bb78aaf778d1fc5c4a6778f18064http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.6http://www.openwall.com/lists/oss-security/2009/11/09/2http://www.openwall.com/lists/oss-security/2009/11/13/3http://www.ubuntu.com/usn/usn-864-1http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=89a8640279f8bb78aaf778d1fc5c4a6778f18064http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.6http://www.openwall.com/lists/oss-security/2009/11/09/2http://www.openwall.com/lists/oss-security/2009/11/13/3http://www.ubuntu.com/usn/usn-864-1
2009-11-16
Published