CVE-2009-2848

medium

VMware

CVSS v3 Base Score

5.9

AV:L/AC:M/Au:N/C:P/I:P/A:C

EPSS Score

0.1%

Exploitation probability in 30 days

Top 78% most likely to be exploited

Attack Characteristics

Attack Vector

Local

Attack Complexity

Confidentiality

Integrity

Availability

Published: August 18, 2009 (6113 days ago)

Last Modified: April 23, 2026

Vendor: VMware

Source: NVD

Description

The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit.

CWE

CWE-269

Affected Products

linux linux kernelnovell linux desktopopensuse opensusesuse linux enterprise desktopsuse linux enterprise serverfedoraproject fedoracanonical ubuntu linuxredhat enterprise linux desktopredhat enterprise linux serverredhat enterprise linux workstation

References

🔗 article.gmane.org 🔗 lists.opensuse.org 🔗 lists.opensuse.org 🔗 lists.opensuse.org 🔗 rhn.redhat.com

CVE-2009-2848

Vulnerability Report

Description

CWE

Affected Products

References