ID:10066 - Exploit for Improper input validation in Linux kernel - CVE-2008-0009

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:10066 - Exploit for Improper input validation in Linux kernel - CVE-2008-0009

ID:10066 - Exploit for Improper input validation in Linux kernel - CVE-2008-0009

Published: June 20, 2024


Vulnerability identifier: #VU92861
Vulnerability risk: Low
CVE-ID: CVE-2008-0009
CWE-ID: CWE-20
Exploitation vector: Local access
Vulnerable software:
Linux kernel

Link to public exploit:


Vulnerability description

The vulnerability allows a local user to gain access to sensitive information.

The vmsplice_to_user function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which might allow local users to access arbitrary kernel memory locations.


Remediation

Install update from vendor's repository.