VDB
CVE-2009-2691
CVE-2009-2691
PUBLISHED
CVSS 2.0999999046325684 LOW
The mm_for_maps function in fs/proc/base.c in the Linux kernel 2.6.30.4 and earlier allows local users to read (1) maps and (2) smaps files under proc/ via vectors related to ELF loading, a setuid process, and a race condition.
EPSS 0.06% · 18.2th percentile
Risk Scores
CVSS 2.0
2.0999999046325684
EPSS Score
0.06%
18.2th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| linux | linux_kernel | 0, 2.6.30, 2.6.30 |
Exploit Intelligence
- [linux-kernel] 20090623 [PATCH 1/1] mm_for_maps: simplify, use ptrace_may_access() (circl)
- 36265 (circl)
- [linux-kernel] 20090623 [PATCH 0/1] mm_for_maps: simplify, use ptrace_may_access() (circl)
- https://bugzilla.redhat.com/show_bug.cgi?id=516171 (circl)
- RHSA-2009:1540 (circl)
- 36019 (circl)
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=00f89d218523b9bf6b522349c039d5ac80aa536d (circl)
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=704b836cbf19e885f8366bccb2e4b0474346c02d (circl)
- [oss-security] 20090811 CVE-2009-2691 kernel: /proc/$pid/maps visible during initial setuid ELF loading (circl)
- [linux-kernel] 20090710 [PATCH 1/2] mm_for_maps: shift down_read(mmap_sem) to the caller (circl)
…and 7 more exploits
Timeline
- Aug 14, 2009 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- http://lkml.org/lkml/2009/6/23/652 technical
- [linux-kernel] 20090623 [PATCH 1/1] mm_for_maps: simplify, use ptrace_may_access() mailing-list
- 36265 third-party-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=516171 url
- RHSA-2009:1540 vendor-advisory
- 36019 vdb
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=00f89d218523b9bf6b522349c039d5ac80aa536d url
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=704b836cbf19e885f8366bccb2e4b0474346c02d url
- [oss-security] 20090811 CVE-2009-2691 kernel: /proc/$pid/maps visible during initial setuid ELF loading mailing-list
- [linux-kernel] 20090710 [PATCH 1/2] mm_for_maps: shift down_read(mmap_sem) to the caller mailing-list
- FEDORA-2009-9044 vendor-advisory
- ADV-2009-2246 vdb
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=13f0feafa6b8aead57a2a328e2fca6a5828bf286 url
- 36501 third-party-advisory
- DSA-2005 vendor-advisory
- linux-kernel-mmformaps-info-disclosure(52401) vdb
- [linux-kernel] 20090710 [PATCH 2/2] mm_for_maps: take ->cred_guard_mutex to fix the race mailing-list
- https://nvd.nist.gov/vuln/detail/CVE-2009-2691 advisory
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=00f89d218523b9bf6b522349c039d5ac80aa536d url
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=13f0feafa6b8aead57a2a328e2fca6a5828bf286 url
…and 1 more