High severity7.8NVD Advisory· Published Aug 27, 2009· Updated Apr 23, 2026
CVE-2009-2698
CVE-2009-2698
Description
The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.
Affected products
20- cpe:2.3:a:vmware:vcenter_server:4.0:-:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:10:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_desktop:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:4.8:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_eus:4.8:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:5.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_server:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:5.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_workstation:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:10:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
25- www.securityfocus.com/bid/36108nvdBroken LinkExploitPatchThird Party AdvisoryVDB Entry
- lists.opensuse.org/opensuse-security-announce/2009-08/msg00008.htmlnvdMailing ListThird Party Advisory
- rhn.redhat.com/errata/RHSA-2009-1222.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2009-1223.htmlnvdThird Party Advisory
- secunia.com/advisories/23073nvdBroken LinkVendor Advisory
- secunia.com/advisories/36430nvdBroken LinkVendor Advisory
- secunia.com/advisories/36510nvdBroken LinkVendor Advisory
- secunia.com/advisories/37105nvdBroken LinkVendor Advisory
- secunia.com/advisories/37298nvdBroken LinkVendor Advisory
- secunia.com/advisories/37471nvdBroken LinkVendor Advisory
- support.avaya.com/css/P8/documents/100067254nvdThird Party Advisory
- www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.19nvdBroken LinkVendor Advisory
- www.mandriva.com/security/advisoriesnvdBroken LinkThird Party Advisory
- www.redhat.com/support/errata/RHSA-2009-1233.htmlnvdBroken LinkThird Party Advisory
- www.securityfocus.com/archive/1/507985/100/0/threadednvdBroken LinkThird Party AdvisoryVDB Entry
- www.securityfocus.com/archive/1/512019/100/0/threadednvdBroken LinkThird Party AdvisoryVDB Entry
- www.securitytracker.com/idnvdBroken LinkThird Party AdvisoryVDB Entry
- www.ubuntu.com/usn/USN-852-1nvdThird Party Advisory
- www.vmware.com/security/advisories/VMSA-2009-0016.htmlnvdThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11514nvdBroken LinkThird Party Advisory
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8557nvdBroken LinkThird Party Advisory
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9142nvdBroken LinkThird Party Advisory
- www.openwall.com/lists/oss-security/2009/08/25/1nvdMailing List
- www.vupen.com/english/advisories/2009/3316nvdPermissions Required
News mentions
0No linked articles in our index yet.