Unrated severityNVD Advisory· Published Nov 6, 2009· Updated Jun 16, 2026
CVE-2009-3725
CVE-2009-3725
Description
The connector layer in the Linux kernel before 2.6.31.5 does not require the CAP_SYS_ADMIN capability for certain interaction with the (1) uvesafb, (2) pohmelfs, (3) dst, or (4) dm subsystem, which allows local users to bypass intended access restrictions and gain privileges via calls to functions in these subsystems.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*+ 4 more
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
- Range: <2.6.31.5
Patches
Vulnerability mechanics
References
13- patchwork.kernel.org/patch/51382/nvdPatchVendor Advisory
- patchwork.kernel.org/patch/51383/nvdPatchVendor Advisory
- patchwork.kernel.org/patch/51384/nvdPatchVendor Advisory
- patchwork.kernel.org/patch/51387/nvdPatchVendor Advisory
- www.securityfocus.com/bid/36834nvdPatchThird Party Advisory
- xorl.wordpress.com/2009/10/31/linux-kernel-multiple-capabilities-missing-checks/nvdExploitThird Party Advisory
- marc.infonvdMailing ListThird Party Advisory
- marc.infonvdMailing ListThird Party Advisory
- marc.infonvdMailing ListThird Party Advisory
- secunia.com/advisories/37113nvdThird Party Advisory
- secunia.com/advisories/38905nvdThird Party Advisory
- www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.31.5nvdVendor Advisory
- www.ubuntu.com/usn/usn-864-1nvdThird Party Advisory
News mentions
0No linked articles in our index yet.