Vulnerability Description
The do_sigaltstack function in kernel/signal.c in Linux kernel 2.4 through 2.4.37 and 2.6 before 2.6.31-rc5, when running on 64-bit systems, does not clear certain padding bytes from a structure, which allows local users to obtain sensitive information from the kernel stack via the sigaltstack function.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Kernel | 2.6.24.7 |
| Linux | Linux Kernel | <= 2.6.16.31 |
| Linux | Linux | All versions |
References
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%
- http://rhn.redhat.com/errata/RHSA-2009-1243.html
- http://secunia.com/advisories/36136
- http://secunia.com/advisories/36501
- http://secunia.com/advisories/36562
- http://secunia.com/advisories/36759
- http://secunia.com/advisories/37105
- http://secunia.com/advisories/37471
- http://www.exploit-db.com/exploits/9352
- http://www.openwall.com/lists/oss-security/2009/08/04/1Patch
- http://www.openwall.com/lists/oss-security/2009/08/05/1Patch
- http://www.openwall.com/lists/oss-security/2009/08/26/2
- http://www.redhat.com/support/errata/RHSA-2009-1438.html
- http://www.securityfocus.com/archive/1/507985/100/0/threaded
- http://www.ubuntu.com/usn/USN-852-1
FAQ
What is CVE-2009-2847?
CVE-2009-2847 is a vulnerability with a CVSS score of 4.9 (MEDIUM). The do_sigaltstack function in kernel/signal.c in Linux kernel 2.4 through 2.4.37 and 2.6 before 2.6.31-rc5, when running on 64-bit systems, does not clear certain padding bytes from a structure, whic...
How severe is CVE-2009-2847?
CVE-2009-2847 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-2847?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Kernel, Linux Linux Kernel, Linux Linux.