CVE-2009-1897

Name of the Vulnerable Software and Affected Versions: Linux kernel versions 2.6.30 and 2.6.30.1

Description: The issue allows local users to gain privileges via vectors involving a NULL pointer dereference and an mmap of /dev/net/tun. This is due to the tun chr poll function in drivers/net/tun.c in the tun subsystem.

Recommendations: For Linux kernel versions 2.6.30 and 2.6.30.1, consider compiling the kernel with the -fno-delete-null-pointer-checks gcc option to mitigate the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.