CVE-2009-1897
Published: Jul 20, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
The tun_chr_poll function in drivers/net/tun.c in the tun subsystem in the Linux kernel 2.6.30 and 2.6.30.1, when the -fno-delete-null-pointer-checks gcc option is omitted, allows local users to gain privileges via vectors involving a NULL pointer dereference and an mmap of /dev/net/tun, a different vulnerability than CVE-2009-1894.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
- ADV-2009-1925 (vdb-entry, x_refsource_VUPEN)
- http://isc.sans.org/diary.html?storyid=6820 (x_refsource_MISC)
- http://grsecurity.net/~spender/cheddar_bay.tgz (x_refsource_MISC)
- [oss-security] 20090717 Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable (mailing-list, x_refsource_MLIST)
- 20090716 Re: Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable (mailing-list, x_refsource_FULLDISC)
- linux-kernel-tunchrpoll-code-execution(51803) (vdb-entry, x_refsource_XF)
- [netdev] 20090409 Oops in tun: bisected to Limit amount of queued packets per device (mailing-list, x_refsource_MLIST)
- 35839 (third-party-advisory, x_refsource_SECUNIA)
- https://bugzilla.redhat.com/show_bug.cgi?id=512284 (x_refsource_CONFIRM)
- [linux-kernel] 20090706 Re: PROBLEM: tun/tap crashes if open() /dev/net/tun and then poll() it. (mailing-list, x_refsource_MLIST)
- 20090716 Linux 2.6.30+/SELinux/RHEL5 test kernel 0day, exploiting the unexploitable (mailing-list, x_refsource_FULLDISC)