CVE-2009-2692

Public Exploit

Description

The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.

CVSS: 7.8
Severity: High
EPSS: 18.51% (Top 10%)
Affected: n/a n/a

References

Link | Tags
http://www.redhat.com/support/errata/RHSA-2009-1233.html | vendor advisory, broken link
http://secunia.com/advisories/36278 | vendor advisory, broken link, third party advisory
http://www.debian.org/security/2009/dsa-1865 | vendor advisory, mailing list, third party advisory
http://rhn.redhat.com/errata/RHSA-2009-1223.html | third party advisory, vendor advisory
http://www.securityfocus.com/archive/1/512019/100/0/threaded | broken link, mailing list, third party advisory, vdb entry
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.5 | vendor advisory, broken link
http://secunia.com/advisories/37298 | vendor advisory, broken link, third party advisory
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0121 | broken link
http://secunia.com/advisories/36430 | vendor advisory, broken link, third party advisory
http://secunia.com/advisories/37471 | vendor advisory, broken link, third party advisory
http://rhn.redhat.com/errata/RHSA-2009-1222.html | third party advisory, vendor advisory
http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.html | broken link, mailing list, exploit
https://bugzilla.redhat.com/show_bug.cgi?id=516949 | patch, issue tracking
https://issues.rpath.com/browse/RPL-3103 | broken link
http://www.vmware.com/security/advisories/VMSA-2009-0016.html | third party advisory
http://www.exploit-db.com/exploits/19933 | third party advisory, vdb entry, exploit
http://www.vupen.com/english/advisories/2009/2272 | patch, vendor advisory, broken link, vdb entry
http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.html | vendor advisory, mailing list
http://www.securityfocus.com/archive/1/505751/100/0/threaded | broken link, mailing list, third party advisory, vdb entry
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e694958388c50148389b0e9b9e9e8945cf0f1b98 | broken link
http://secunia.com/advisories/36289 | vendor advisory, broken link, third party advisory
http://www.securityfocus.com/archive/1/507985/100/0/threaded | broken link, mailing list, third party advisory, vdb entry
http://secunia.com/advisories/36327 | vendor advisory, broken link, third party advisory
http://support.avaya.com/css/P8/documents/100067254 | third party advisory
http://grsecurity.net/~spender/wunderbar_emporium.tgz | broken link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11591 | signature, vdb entry, broken link
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git%3Ba=commit%3Bh=c18d0fe535a73b219f960d1af3d0c264555a12e3 | broken link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11526 | signature, vdb entry, broken link
http://www.mandriva.com/security/advisories?name=MDVSA-2009:233 | vendor advisory, broken link
http://www.exploit-db.com/exploits/9477 | third party advisory, vdb entry, exploit
http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.html | issue tracking, exploit
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc6 | vendor advisory, broken link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8657 | signature, vdb entry, broken link
http://www.openwall.com/lists/oss-security/2009/08/14/1 | patch, mailing list
http://www.securityfocus.com/bid/36038 | vdb entry, exploit, broken link, third party advisory
http://www.securityfocus.com/archive/1/505912/100/0/threaded | broken link, mailing list, third party advisory, vdb entry
http://zenthought.org/content/file/android-root-2009-08-16-source | broken link
http://www.vupen.com/english/advisories/2009/3316 | vendor advisory, broken link, vdb entry
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5 | vendor advisory, broken link

Frequently Asked Questions

What is the severity of CVE-2009-2692?
CVE-2009-2692 has been scored as a high severity vulnerability.

How to fix CVE-2009-2692?
To fix CVE-2009-2692, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. For now, there are no other specific guidelines available.

Is CVE-2009-2692 being actively exploited in the wild?
Based on public information, it is possible that CVE-2009-2692 is being exploited or will be exploited in the near future. According to its EPSS score, there is a ~19% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.