VYPR
High severity7.8NVD Advisory· Published Aug 14, 2009· Updated Jun 16, 2026

CVE-2009-2692

CVE-2009-2692

Description

The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

13
  • cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • Linux/Kernel2 versions
    cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*range: >=2.4.4,<2.4.37.5
    • (no CPE)range: 2.4.4 - 2.4.37.4 and 2.6.0 - 2.6.30.4
  • cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_eus:4.8:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:redhat:enterprise_linux_eus:4.8:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_eus:5.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server_aus:5.3:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*
    • cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
  • cpe:2.3:o:suse:linux_enterprise_real_time:10:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

39

News mentions

0

No linked articles in our index yet.