CVE-2009-2407

Name of the Vulnerable Software and Affected Versions SUSE Linux Enterprise kernel-default-base (affected versions not specified) openSUSE kernel-pseries64 (affected versions not specified) openSUSE kernel-s390-debug (affected versions not specified) openSUSE kernel-smp-debuginfo (affected versions not specified) SUSE Linux Enterprise kernel-pae (affected versions not specified) SUSE Linux Enterprise kernel-default-debugsource (affected versions not specified) openSUSE kernel-pmac64 (affected versions not specified) Linux kernel versions prior to 2.6.30.4 openSUSE kexec-tools (affected versions not specified) SUSE Linux Enterprise cluster-network-kmp-pae (affected versions not specified) openSUSE appleir-kmp-debug (affected versions not specified) SUSE Linux Enterprise kernel-pae-extra (affected versions not specified) openSUSE kernel-xenpae (affected versions not specified) SUSE Linux Enterprise kernel-pae-base (affected versions not specified) openSUSE kernel-s390x (affected versions not specified) openSUSE kernel-s390x-debug (affected versions not specified) openSUSE kernel-64k-pagesize (affected versions not specified) openSUSE acx-kmp-debug (affected versions not specified) openSUSE pcc-acpi-kmp-debug (affected versions not specified) openSUSE kexec-tools-debuginfo (affected versions not specified) SUSE Linux Enterprise kernel-ec2-base (affected versions not specified) openSUSE um-host-install-initrd (affected versions not specified) openSUSE kernel-vmipae (affected versions not specified) SUSE Linux Enterprise ext4dev-kmp-default (affected versions not specified) openSUSE kernel-iseries64-debuginfo (affected versions not specified) openSUSE um-host-kernel (affected versions not specified) openSUSE kernel-smp (affected versions not specified) SUSE Linux Enterprise kernel-ec2 (affected versions not specified) SUSE Linux Enterprise ocfs2-kmp-xen (affected versions not specified) SUSE Linux Enterprise ocfs2-kmp-default (affected versions not specified) SUSE Linux Enterprise cluster-network-kmp-xen (affected versions not specified) openSUSE kernel-um (affected versions not specified) openSUSE uvcvideo-kmp-debug (affected versions not specified) SUSE Linux Enterprise ext4dev-kmp-ppc64 (affected versions not specified) openSUSE kernel-iseries64 (affected versions not specified) SUSE Linux Enterprise kernel-default-extra (affected versions not specified) openSUSE acerhk-kmp-debug (affected versions not specified) openSUSE kernel-sn2 (affected versions not specified) openSUSE kernel-s390 (affected versions not specified) SUSE Linux Enterprise kernel-xen-base (affected versions not specified) openSUSE wlan-ng-kmp-debug (affected versions not specified) SUSE Linux Enterprise kexec-tools-debuginfo (affected versions not specified) openSUSE kernel-xenpae-debuginfo (affected versions not specified) SUSE Linux Enterprise kernel-ppc64-debugsource (affected versions not specified) SUSE Linux Enterprise kernel-xen-extra (affected versions not specified) SUSE Linux Enterprise kernel-kdump-debugsource (affected versions not specified) openSUSE tpctl-kmp-debug (affected versions not specified) SUSE Linux Enterprise cluster-network-kmp-default (affected versions not specified) openSUSE gspcav-kmp-debug (affected versions not specified) openSUSE kernel-bigsmp (affected versions not specified) SUSE Linux Enterprise ocfs2-kmp-pae (affected versions not specified) openSUSE kernel-bigsmp-debuginfo (affected versions not specified) openSUSE nouveau-kmp-debug (affected versions not specified) SUSE Linux Enterprise kernel-ppc64-base (affected versions not specified) openSUSE at76 usb-kmp-debug (affected versions not specified) openSUSE atl2-kmp-debug (affected versions not specified)

Description The issue involves multiple vulnerabilities in various kernel packages of SUSE Linux Enterprise and openSUSE operating systems. These vulnerabilities can be exploited remotely, potentially leading to a denial of service or disruption of protected information. The vulnerabilities are related to a heap-based buffer overflow in the parse tag 3 packet function in the eCryptfs subsystem of the Linux kernel. This can cause a system crash or possibly allow local users to gain privileges via crafted eCryptfs files.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.