CVE-2009-1385

Public Exploit

Description

Integer underflow in the e1000_clean_rx_irq function in drivers/net/e1000/e1000_main.c in the e1000 driver in the Linux kernel before 2.6.30-rc8, the e1000e driver in the Linux kernel, and Intel Wired Ethernet (aka e1000) before 7.5.5 allows remote attackers to cause a denial of service (panic) via a crafted frame size.

Category

7.8
CVSS
Severity: High
CVSS 2.0 •
EPSS 10.76% Top 10%
Vendor Advisory mandriva.com Vendor Advisory debian.org Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory mandriva.com Vendor Advisory debian.org Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory ubuntu.com Vendor Advisory redhat.com Vendor Advisory redhat.com Vendor Advisory opensuse.org Vendor Advisory secunia.com Vendor Advisory kernel.org
Affected: n/a n/a
Published at:
Updated at:

References

Link Tags
http://secunia.com/advisories/35265 third party advisory vendor advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2009:135 vendor advisory
http://www.debian.org/security/2009/dsa-1865 vendor advisory
http://www.securityfocus.com/archive/1/512019/100/0/threaded mailing list
http://wiki.rpath.com/Advisories:rPSA-2009-0111
http://sourceforge.net/project/shownotes.php?release_id=504022&group_id=42302 patch
http://secunia.com/advisories/36131 third party advisory
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01048.html vendor advisory
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01094.html vendor advisory
http://secunia.com/advisories/37471 third party advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2009:148 vendor advisory
http://secunia.com/advisories/35656 third party advisory
http://www.debian.org/security/2009/dsa-1844 vendor advisory
http://www.vmware.com/security/advisories/VMSA-2009-0016.html
http://www.redhat.com/support/errata/RHSA-2009-1193.html vendor advisory
http://www.intel.com/support/network/sb/CS-030543.htm
http://secunia.com/advisories/35566 third party advisory
http://osvdb.org/54892 vdb entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11598 signature vdb entry
http://www.redhat.com/support/errata/RHSA-2009-1157.html vendor advisory
http://www.securityfocus.com/bid/35185 vdb entry
http://www.securityfocus.com/archive/1/505254/100/0/threaded mailing list
http://secunia.com/advisories/35623 third party advisory
http://www.securityfocus.com/archive/1/507985/100/0/threaded mailing list
http://secunia.com/advisories/36051 third party advisory
http://secunia.com/advisories/36327 third party advisory
http://www.ubuntu.com/usn/usn-793-1 vendor advisory
https://bugzilla.redhat.com/show_bug.cgi?id=502981 patch exploit
http://www.openwall.com/lists/oss-security/2009/06/03/2 mailing list
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11681 signature vdb entry
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.30-rc8 patch vendor advisory
https://rhn.redhat.com/errata/RHSA-2009-1550.html vendor advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8340 signature vdb entry
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg01193.html vendor advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ea30e11970a96cfe5e32c03a29332554573b4a10
http://lists.opensuse.org/opensuse-security-announce/2009-07/msg00004.html vendor advisory
http://www.vupen.com/english/advisories/2009/3316 vdb entry
http://secunia.com/advisories/35847 third party advisory

Frequently Asked Questions

What is the severity of CVE-2009-1385?
CVE-2009-1385 has been scored as a high severity vulnerability.
How to fix CVE-2009-1385?
To fix CVE-2009-1385, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2009-1385 being actively exploited in the wild?
It is possible that CVE-2009-1385 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~11% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.