CVE-2009-2584 — HIGH (7.2) — White Hats Nepal

Q: How severe is CVE-2009-2584?

CVE-2009-2584 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2009-2584?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.

Vulnerability Description

Off-by-one error in the options_write function in drivers/misc/sgi-gru/gruprocfs.c in the SGI GRU driver in the Linux kernel 2.6.30.2 and earlier on ia64 and x86 platforms might allow local users to overwrite arbitrary memory locations and gain privileges via a crafted count argument, which triggers a stack-based buffer overflow.

CVSS Score

7.2

HIGH

AV:L/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	<= 2.6.30.2

Related Weaknesses (CWE)

CWE-189

References

http://grsecurity.net/~spender/exploit_demo.cExploitThird Party Advisory
http://lkml.org/lkml/2009/7/20/348ExploitMailing ListThird Party Advisory
http://lkml.org/lkml/2009/7/20/362Mailing ListThird Party Advisory
http://secunia.com/advisories/37105Third Party Advisory
http://www.securityfocus.com/bid/35753Third Party AdvisoryVDB Entry
http://www.ubuntu.com/usn/USN-852-1Third Party Advisory
http://xorl.wordpress.com/2009/07/21/linux-kernel-sgi-gru-driver-off-by-one-overExploitThird Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/51887Third Party AdvisoryVDB Entry
http://grsecurity.net/~spender/exploit_demo.cExploitThird Party Advisory
http://lkml.org/lkml/2009/7/20/348ExploitMailing ListThird Party Advisory
http://lkml.org/lkml/2009/7/20/362Mailing ListThird Party Advisory
http://secunia.com/advisories/37105Third Party Advisory
http://www.securityfocus.com/bid/35753Third Party AdvisoryVDB Entry
http://www.ubuntu.com/usn/USN-852-1Third Party Advisory
http://xorl.wordpress.com/2009/07/21/linux-kernel-sgi-gru-driver-off-by-one-overExploitThird Party Advisory

FAQ

What is CVE-2009-2584?

CVE-2009-2584 is a vulnerability with a CVSS score of 7.2 (HIGH). Off-by-one error in the options_write function in drivers/misc/sgi-gru/gruprocfs.c in the SGI GRU driver in the Linux kernel 2.6.30.2 and earlier on ia64 and x86 platforms might allow local users to o...

How severe is CVE-2009-2584?

CVE-2009-2584 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-2584?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.