Back to search
CVE-2009-1046
Published: Mar 23, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
The console selection feature in the Linux kernel 2.6.28 before 2.6.28.4, 2.6.25, and possibly earlier versions, when the UTF-8 console is used, allows physically proximate attackers to cause a denial of service (memory corruption) by selecting a small number of 3-byte UTF-8 characters, which triggers an "off-by-two memory error." NOTE: it is not clear whether this issue crosses privilege boundaries.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.4
x_refsource_CONFIRM
[oss-security] 20090212 http://www.securityfocus.com/bid/33672/info kernel issue
mailing-list
x_refsource_MLIST
[oss-security] 20090212 Re: http://www.securityfocus.com/bid/33672/info kernel
mailing-list
x_refsource_MLIST
33672
vdb-entry
x_refsource_BID
USN-751-1
vendor-advisory
x_refsource_UBUNTU
[linux-kernel] 20090202 Re: [PATCH] Fix memory corruption in console selection
mailing-list
x_refsource_MLIST
34981
third-party-advisory
x_refsource_SECUNIA
DSA-1800
vendor-advisory
x_refsource_DEBIAN
[oss-security] 20090212 Re: http://www.securityfocus.com/bid/33672/info kernel issue
mailing-list
x_refsource_MLIST
34917
third-party-advisory
x_refsource_SECUNIA
DSA-1787
vendor-advisory
x_refsource_DEBIAN
RHSA-2009:0451
vendor-advisory
x_refsource_REDHAT
[linux-kernel] 20090130 [PATCH] Fix memory corruption in console selection
mailing-list
x_refsource_MLIST
35121
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now