Input validation error in Linux kernel - CVE-2009-4538
Published: January 12, 2010 / Updated: November 16, 2018
Vulnerability identifier: #VU94168
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2009-4538
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
drivers/net/e1000e/netdev.c in the e1000e driver in the Linux kernel 2.6.32.3 and earlier does not properly check the size of an Ethernet frame that exceeds the MTU, which allows remote attackers to have an unspecified impact via crafted packets, a related issue to CVE-2009-4537.
How to mitigate CVE-2009-4538
Install update from vendor's website.
Sources
- http://lists.fedoraproject.org/pipermail/package-announce/2010-February/035159.html
- http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00008.html
- http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.html
- http://secunia.com/advisories/38031
- http://secunia.com/advisories/38276
- http://secunia.com/advisories/38296
- http://secunia.com/advisories/38492
- http://secunia.com/advisories/38610
- http://secunia.com/advisories/38779
- http://securitytracker.com/id?1023420
- http://www.debian.org/security/2010/dsa-1996
- http://www.debian.org/security/2010/dsa-2005
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:066
- http://www.openwall.com/lists/oss-security/2009/12/28/1
- http://www.openwall.com/lists/oss-security/2009/12/29/2
- http://www.openwall.com/lists/oss-security/2009/12/31/1
- http://www.redhat.com/support/errata/RHSA-2010-0019.html
- http://www.redhat.com/support/errata/RHSA-2010-0020.html
- http://www.redhat.com/support/errata/RHSA-2010-0041.html
- http://www.redhat.com/support/errata/RHSA-2010-0053.html
- http://www.redhat.com/support/errata/RHSA-2010-0111.html
- http://www.securityfocus.com/bid/37523
- https://bugzilla.redhat.com/show_bug.cgi?id=551214
- https://exchange.xforce.ibmcloud.com/vulnerabilities/55645
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7016
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9702
- https://rhn.redhat.com/errata/RHSA-2010-0095.html