PT-2009-5257 · Linux · Linux Kernel
Mark Smith · Published 2009-09-15 · Updated 2023-02-13
CVE-2009-2903
CVSS v2.0: 7.1 (High)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions:
Linux kernel versions 2.4.x through 2.4.37.6
Linux kernel versions 2.6.x through 2.6.31
Description:
A memory leak issue exists in the appletalk subsystem of the Linux kernel. This occurs when the appletalk and ipddp modules are loaded, but the ipddp"N" device is not found. As a result, remote attackers can cause a denial of service by consuming memory via IP-DDP datagrams.
Recommendations:
For Linux kernel versions 2.4.x through 2.4.37.6, consider disabling the appletalk and ipddp modules until a patch is available.
For Linux kernel versions 2.6.x through 2.6.31, consider disabling the appletalk and ipddp modules until a patch is available.
As a temporary workaround, restrict access to the ipddp module to minimize the risk of exploitation.
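A host-side check for the condition in the description (both modules loaded, no ipddpN interface), plus modprobe configuration for the recommendation to disable the modules. This is an added example, not part of the advisory; the function names, the use of `/proc/modules` and `/proc/net/dev` as inputs, and the modprobe.d `install <module> /bin/false` form are assumptions about how a host would be checked and configured.

```shell
#!/bin/sh
# Added example, not from the advisory. Function names are hypothetical.
# Paths default to the live /proc files; pass other files to check offline.
# Usage: ipddp_leak_exposure [modules_file] [netdev_file]

# Succeeds if module $1 is listed in file $2 (format of /proc/modules).
module_loaded() {
    awk -v m="$1" '$1 == m { found = 1 } END { exit !found }' "$2"
}

# Succeeds if file $1 (format of /proc/net/dev) lists an ipddpN interface.
has_ipddp_device() {
    # The interface name is the text before ':'; header lines have no ':'.
    awk -F: '{ gsub(/[ \t]/, "", $1) }
             $1 ~ /^ipddp[0-9]+$/ { found = 1 }
             END { exit !found }' "$1"
}

# Prints one of: not-exposed | device-present | exposed
ipddp_leak_exposure() {
    modules_file="${1:-/proc/modules}"
    netdev_file="${2:-/proc/net/dev}"
    if ! module_loaded appletalk "$modules_file" ||
       ! module_loaded ipddp "$modules_file"; then
        echo "not-exposed"      # precondition (both modules loaded) not met
    elif has_ipddp_device "$netdev_file"; then
        echo "device-present"   # both modules loaded and an ipddpN device exists
    else
        echo "exposed"          # both modules loaded, no ipddpN: the described case
    fi
}

# Prints modprobe configuration that stops both modules from being loaded.
modprobe_block_conf() {
    for m in appletalk ipddp; do
        printf 'install %s /bin/false\n' "$m"
    done
}
```

To apply it on a running host, write the output of `modprobe_block_conf` to a file under `/etc/modprobe.d/` and unload the modules with `modprobe -r ipddp appletalk`.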
Fix
Weakness Enumeration:
Missing Release of Resource after Effective Lifetime
Affected Products:
Linux Kernel