CVE-2009-2698

high

VMware

CVSS v3 Base Score

7.8

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

26.1%

Exploitation probability in 30 days

Top 4% most likely to be exploited

Attack Characteristics

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Confidentiality

High

Integrity

High

Availability

High

Published: August 27, 2009 (6104 days ago)

Last Modified: April 23, 2026

Vendor: VMware

Source: NVD

Description

The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.

CWE

CWE-476

Affected Products

linux linux kernelcanonical ubuntu linuxsuse linux enterprise desktopsuse linux enterprise serverfedoraproject fedoraredhat enterprise linux desktopredhat enterprise linux eusredhat enterprise linux serverredhat enterprise linux server ausredhat enterprise linux workstation

References

🔗 git.kernel.org 🔗 lists.opensuse.org 🔗 rhn.redhat.com 🔗 rhn.redhat.com 🔗 secunia.com

CVE-2009-2698

Vulnerability Report

Description

CWE

Affected Products

References