Main Vulnerability Database SB2009091701

SB2009091701 - Memory corruption in Linux kernel

Published: September 17, 2009 Updated: June 20, 2024

Security Bulletin ID SB2009091701

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Memory corruption (CVE-ID: CVE-2009-3234)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

Buffer overflow in the perf_copy_attr function in kernel/perf_counter.c in the Linux kernel 2.6.31-rc1 allows local users to cause a denial of service (crash) and execute arbitrary code via a 'big size data' to the perf_counter_open system call.

Remediation

Install update from vendor's website.

References

http://article.gmane.org/gmane.linux.kernel/890654
http://www.openwall.com/lists/oss-security/2009/09/16/1
http://www.openwall.com/lists/oss-security/2009/09/17/13
http://www.securityfocus.com/bid/36423