CVE-2009-1046
PUBLISHED
CVSS 4.7 MEDIUM
The console selection feature in the Linux kernel 2.6.28 before 2.6.28.4, 2.6.25, and possibly earlier versions, when the UTF-8 console is used, allows physically proximate attackers to cause a denial of service (memory corruption) by selecting a small number of 3-byte UTF-8 characters, which triggers an "off-by-two memory error." NOTE: it is not clear whether this issue crosses privilege boundaries.
EPSS 0.30% · 53.3th percentile
Risk Scores
CVSS 2.0
4.7
EPSS Score
0.30%
53.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| linux | linux_kernel | 2.6.25, 2.6.28, 2.6.28.2 |
| n/a | n/a | n/a |
Exploit Intelligence
- CIRCL confirmed: CVE-2009-1046 (circl-sighting)
- [oss-security] 20090212 Re: http://www.securityfocus.com/bid/33672/info kernel issue (circl)
- DSA-1787 (circl)
- 33672 (circl)
- USN-751-1 (circl)
- [linux-kernel] 20090202 Re: [PATCH] Fix memory corruption in console selection (circl)
- 34981 (circl)
- [oss-security] 20090212 Re: http://www.securityfocus.com/bid/33672/info kernel (circl)
- DSA-1800 (circl)
- 34917 (circl)
…and 7 more exploits
Timeline
- Mar 23, 2009 CVE Published
- Jul 8, 2009 PoC Published
- Jul 9, 2009 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
References
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.4 url
- [oss-security] 20090212 http://www.securityfocus.com/bid/33672/info kernel issue mailing-list
- [oss-security] 20090212 Re: http://www.securityfocus.com/bid/33672/info kernel mailing-list
- 33672 vdb
- USN-751-1 vendor-advisory
- [linux-kernel] 20090202 Re: [PATCH] Fix memory corruption in console selection mailing-list
- 34981 third-party-advisory
- DSA-1800 vendor-advisory
- [oss-security] 20090212 Re: http://www.securityfocus.com/bid/33672/info kernel issue mailing-list
- 34917 third-party-advisory
- DSA-1787 vendor-advisory
- RHSA-2009:0451 vendor-advisory
- [linux-kernel] 20090130 [PATCH] Fix memory corruption in console selection mailing-list
- 35121 third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2009-1046 advisory