Main Vulnerability Database Exploits ID:10366 - Exploit for Use of uninitialized resource in Linux kernel - CVE-2009-2692

ID:10366 - Exploit for Use of uninitialized resource in Linux kernel - CVE-2009-2692

Published: August 10, 2024

Vulnerability identifier: #VU95733

Vulnerability risk: Low

CVE-ID: CVE-2009-2692

CWE-ID: CWE-908

Exploitation vector: Local access

Vulnerable software:
Linux kernel

Link to public exploit:

https://www.exploit-db.com/exploits/9477/

Vulnerability description

The vulnerability allows a local user to execute arbitrary code.

The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.

Remediation

Install update from vendor's repository.

ID:10366 - Exploit for Use of uninitialized resource in Linux kernel - CVE-2009-2692

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human