CVE-2009-0835

Advisory lineage Upstream: 0 Downstream: 2

Downstream

DSA-1800-1 RHSA-2009:0451

Modified

Published: 06 Mar 2009, 11:00

Last modified:07 Aug 2024, 04:48

Vulnerability Summary

Overall Risk (default)

low

24/100

CVSS Score

3.6 LOW

v2.0 (nvd)

EPSS Score

0.08% LOW

0% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

4 found

Dark Web

Not detected

Timeline

06 Mar 2009, 11:00

Published

Vulnerability first disclosed

07 Aug 2024, 04:48

Last Modified

Vulnerability information updated

Description

The __secure_computing function in kernel/seccomp.c in the seccomp subsystem in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform, when CONFIG_SECCOMP is enabled, does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass intended access restrictions via crafted syscalls that are misinterpreted as (a) stat or (b) chmod, a related issue to CVE-2009-0342 and CVE-2009-0343.

CVSS Metrics

v2.0•LOW•Score: 3.6AV:L/AC:L/Au:N/C:P/I:P/A:N

EPSS Trends

Current EPSS score: 0.08%• Percentile: 23%

Techniques & Countermeasures

CWE-264•Permissions, Privileges, and Access Controls
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Affected Systems

linux•linux_kernel
2.6.25 | 2.6.25.1 | 2.6.25.2 | 2.6.25.3 | 2.6.25.4 | 2.6.25.5 | 2.6.25.6 | 2.6.25.7 | 2.6.25.8 | 2.6.25.9 | 2.6.25.10 | 2.6.25.11 | 2.6.25.12