CVE-2009-1883 — Vulnetix

CVE-2009-1883 PUBLISHED

Reported by redhat · Published September 18, 2009

The z90crypt_unlocked_ioctl function in the z90crypt driver in the Linux kernel 2.6.9 does not perform a capability check for the Z90QUIESCE operation, which allows local users to leverage euid 0 privileges to force a driver outage.

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
n/a	n/a	*, n/a

Timeline

Sep 18, 2009 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 20, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Sep 4, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 9, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 3, 2023 EPSS Score
May 25, 2023 EPSS Score

References

[oss-security] 20090915 CVE-2009-1883 kernel: missing capability check in z90crypt mailing-listx_refsource_MLIST
oval:org.mitre.oval:def:9513 vdb-entrysignaturex_refsource_OVAL
USN-852-1 vendor-advisoryx_refsource_UBUNTU
36759 third-party-advisoryx_refsource_SECUNIA
x_refsource_CONFIRM
[oss-security] 20090915 Re: CVE-2009-1883 kernel: missing capability check in z90crypt mailing-listx_refsource_MLIST
SUSE-SA:2010:013 vendor-advisoryx_refsource_SUSE
RHSA-2009:1438 vendor-advisoryx_refsource_REDHAT
37105 third-party-advisoryx_refsource_SECUNIA

Open in Interactive Console →