PT-2009-4347 · Linux+1 · Linux Kernel+1

Solar Designer · Published 2009-09-15 · Updated 2017-09-29 · CVE-2009-1883

CVSS v2.0: 4.4 Medium
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Linux kernel version 2.6.9
Description: The z90crypt_unlocked_ioctl function in the z90crypt driver fails to perform a capability check for the Z90QUIESCE operation. This allows local users with euid 0 privileges to cause a driver outage.
Recommendations: For Linux kernel version 2.6.9, consider disabling the z90crypt driver or restricting its use to prevent exploitation until a fix is available.

Fix


Weakness Enumeration

Related Identifiers

CVE-2009-1883
DSA-1929-1
RHSA-2009:1438
RHSA-2009_1438

Affected Products

Linux Kernel
Red Hat