High severity7.8NVD Advisory· Published Aug 14, 2009· Updated Apr 23, 2026
CVE-2009-2692
CVE-2009-2692
Description
The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.
Affected products
12- cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:4.8:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_eus:4.8:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:5.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:5.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_real_time:10:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
37- www.openwall.com/lists/oss-security/2009/08/14/1nvdMailing ListPatch
- www.vupen.com/english/advisories/2009/2272nvdBroken LinkPatchVendor Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatch
- archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.htmlnvdBroken LinkExploit
- blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.htmlnvdExploitIssue Tracking
- www.exploit-db.com/exploits/19933nvdExploitThird Party AdvisoryVDB Entry
- www.securityfocus.com/bid/36038nvdBroken LinkExploitThird Party AdvisoryVDB Entry
- rhn.redhat.com/errata/RHSA-2009-1222.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2009-1223.htmlnvdThird Party Advisory
- secunia.com/advisories/36278nvdBroken LinkVendor Advisory
- secunia.com/advisories/36289nvdBroken LinkVendor Advisory
- secunia.com/advisories/36327nvdBroken LinkVendor Advisory
- secunia.com/advisories/36430nvdBroken LinkVendor Advisory
- secunia.com/advisories/37298nvdBroken LinkVendor Advisory
- secunia.com/advisories/37471nvdBroken LinkVendor Advisory
- support.avaya.com/css/P8/documents/100067254nvdThird Party Advisory
- www.debian.org/security/2009/dsa-1865nvdMailing ListThird Party Advisory
- www.exploit-db.com/exploits/9477nvdThird Party AdvisoryVDB Entry
- www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.5nvdBroken LinkVendor Advisory
- www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5nvdBroken LinkVendor Advisory
- www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc6nvdBroken LinkVendor Advisory
- www.securityfocus.com/archive/1/505751/100/0/threadednvdBroken LinkThird Party AdvisoryVDB Entry
- www.securityfocus.com/archive/1/505912/100/0/threadednvdBroken LinkThird Party AdvisoryVDB Entry
- www.securityfocus.com/archive/1/507985/100/0/threadednvdBroken LinkThird Party AdvisoryVDB Entry
- www.securityfocus.com/archive/1/512019/100/0/threadednvdBroken LinkThird Party AdvisoryVDB Entry
- www.vmware.com/security/advisories/VMSA-2009-0016.htmlnvdThird Party Advisory
- www.vupen.com/english/advisories/2009/3316nvdBroken LinkVendor Advisory
- grsecurity.net/~spender/wunderbar_emporium.tgznvdBroken Link
- lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.htmlnvdMailing List
- wiki.rpath.com/wiki/Advisories:rPSA-2009-0121nvdBroken Link
- www.mandriva.com/security/advisoriesnvdBroken Link
- www.redhat.com/support/errata/RHSA-2009-1233.htmlnvdBroken Link
- zenthought.org/content/file/android-root-2009-08-16-sourcenvdBroken Link
- issues.rpath.com/browse/RPL-3103nvdBroken Link
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11526nvdBroken Link
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11591nvdBroken Link
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8657nvdBroken Link
News mentions
0No linked articles in our index yet.