CVE-2009-2767

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 2.6.31-rc6

Description The issue allows local users to cause a denial of service or possibly gain privileges via a specific clock nanosleep call that triggers a NULL pointer dereference. This is related to the init posix timers function in kernel/posix-timers.c.

Recommendations For versions prior to 2.6.31-rc6, update to version 2.6.31-rc6 or later to resolve the issue. As a temporary workaround, consider restricting access to the CLOCK MONOTONIC RAW clock to minimize the risk of exploitation.