PT-2008-6957 · Linux+1 · Linux Kernel+1
Julien Tinnes +1 · Published 1970-01-01 · Updated 2026-02-10
CVE-2009-2692
CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
Linux kernel versions 2.4.4 through 2.4.37.4
Linux kernel versions 2.6.0 through 2.6.30.4
kernel-default-base (affected versions not specified)
kernel-pseries64 (affected versions not specified)
kernel-s390-debug (affected versions not specified)
kernel-smp-debuginfo (affected versions not specified)
kernel-pae (affected versions not specified)
kernel-default-debugsource (affected versions not specified)
kernel-pmac64 (affected versions not specified)
kexec-tools (affected versions not specified)
cluster-network-kmp-pae (affected versions not specified)
appleir-kmp-debug (affected versions not specified)
kernel-pae-extra (affected versions not specified)
kernel-xenpae (affected versions not specified)
kernel-pae-base (affected versions not specified)
kernel-s390x (affected versions not specified)
kernel-s390x-debug (affected versions not specified)
kernel-64k-pagesize (affected versions not specified)
acx-kmp-debug (affected versions not specified)
pcc-acpi-kmp-debug (affected versions not specified)
kexec-tools-debuginfo (affected versions not specified)
kernel-ec2-base (affected versions not specified)
um-host-install-initrd (affected versions not specified)
kernel-vmipae (affected versions not specified)
ext4dev-kmp-default (affected versions not specified)
kernel-iseries64-debuginfo (affected versions not specified)
um-host-kernel (affected versions not specified)
kernel-smp (affected versions not specified)
kernel-ec2 (affected versions not specified)
ocfs2-kmp-xen (affected versions not specified)
ocfs2-kmp-default (affected versions not specified)
cluster-network-kmp-xen (affected versions not specified)
kernel-um (affected versions not specified)
uvcvideo-kmp-debug (affected versions not specified)
ext4dev-kmp-ppc64 (affected versions not specified)
kernel-iseries64 (affected versions not specified)
kernel-default-extra (affected versions not specified)
acerhk-kmp-debug (affected versions not specified)
kernel-sn2 (affected versions not specified)
kernel-s390 (affected versions not specified)
kernel-xen-base (affected versions not specified)
wlan-ng-kmp-debug (affected versions not specified)
kernel-xenpae-debuginfo (affected versions not specified)
kernel-ppc64-debugsource (affected versions not specified)
kernel-xen-extra (affected versions not specified)
kernel-kdump-debugsource (affected versions not specified)
tpctl-kmp-debug (affected versions not specified)
cluster-network-kmp-default (affected versions not specified)
kernel-bigsmp (affected versions not specified)
gspcav-kmp-debug (affected versions not specified)
ocfs2-kmp-pae (affected versions not specified)
nouveau-kmp-debug (affected versions not specified)
kernel-bigsmp-debuginfo (affected versions not specified)
kernel-ppc64-base (affected versions not specified)
at76_usb-kmp-debug (affected versions not specified)
atl2-kmp-debug (affected versions not specified)
Description
The issue is related to multiple vulnerabilities in the Linux kernel, which can be exploited to gain privileges and disrupt the availability of protected information. The vulnerabilities can be exploited remotely. Local users can trigger a NULL pointer dereference by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, such as the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.
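A triage check for the version ranges listed above and the page-zero precondition in the description, as an added example that is not part of the original advisory. It assumes the `vm.mmap_min_addr` sysctl (a real kernel setting the page does not name) as the control on low mappings, and treats the version string as a signal only, since vendor kernels backport fixes without changing the base version.

```python
import platform
import re
from pathlib import Path

# Upstream ranges listed on this page (inclusive), padded to four components.
AFFECTED = [((2, 4, 4, 0), (2, 4, 37, 4)), ((2, 6, 0, 0), (2, 6, 30, 4))]
MIN_ADDR = Path("/proc/sys/vm/mmap_min_addr")  # real sysctl, not named on the page

def parse_release(release):
    """'2.6.18-128.el5' -> (2, 6, 18, 0); vendor suffixes are ignored."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    return tuple(int(g or 0) for g in m.groups())

def in_affected_range(release):
    v = parse_release(release)
    return any(lo <= v <= hi for lo, hi in AFFECTED)

def page_zero_mappable(min_addr_text):
    """None means the sysctl file is absent, so nothing restricts low mappings."""
    return min_addr_text is None or int(min_addr_text.strip()) == 0

def triage(release, min_addr_text):
    if not in_affected_range(release):
        return "outside listed ranges"
    if page_zero_mappable(min_addr_text):
        return "in range, page zero mappable: patch first"
    return "in range, low mappings restricted: still patch"

if __name__ == "__main__":
    text = MIN_ADDR.read_text() if MIN_ADDR.exists() else None
    print(platform.release(), "->", triage(platform.release(), text))
```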
Recommendations
As a temporary workaround, consider disabling the sock_sendpage function until a patch is available.
Restrict access to the vulnerable kernel modules to minimize the risk of exploitation.
Avoid using the mmap function to map page zero until the issue is resolved.
Update the Linux kernel to a version that contains a fix for this issue, if available.
For each affected package, apply the recommended fix or patch, if available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Use of Uninitialized Resource
Related Identifiers
Affected Products
Linux Kernel
Red Hat