CVE-2009-2847

Advisory lineage Upstream: 0 Downstream: 6
Modified
Published: 18 Aug 2009, 20:41
Last modified:07 Aug 2024, 06:07

Vulnerability Summary

Overall Risk (default)
medium
30/100
CVSS Score
4.9 MEDIUM
v2.0 (nvd)
EPSS Score
0.18% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
1 found
Dark Web
Not detected

Timeline

18 Aug 2009, 20:41
Published
Vulnerability first disclosed
07 Aug 2024, 06:07
Last Modified
Vulnerability information updated

Description

The do_sigaltstack function in kernel/signal.c in Linux kernel 2.4 through 2.4.37 and 2.6 before 2.6.31-rc5, when running on 64-bit systems, does not clear certain padding bytes from a structure, which allows local users to obtain sensitive information from the kernel stack via the sigaltstack function.

CVSS Metrics

  • v2.0MEDIUMScore: 4.9AV:L/AC:L/Au:N/C:C/I:N/A:N

EPSS Trends

Current EPSS score: 0.18% Percentile: 40%

Affected Systems

  • UnknownKernel

    2.6.24.7 | 2.6.25.15

  • linuxlinux_kernel

    ≤ 2.6.16.31 | 2.6 | 2.6.0 | 2.6.1 | 2.6.10 | 2.6.11 | 2.6.11.1 | 2.6.11.2 | 2.6.11.3 | 2.6.11.4 | 2.6.11.5 | 2.6.11.6 | 2.6.11.7 | 2.6.11.8 | 2.6.11.9 | 2.6.11.10 | 2.6.11.11 | 2.6.11.12 | 2.6.12 | 2.6.12.1 | 2.6.12.2 | 2.6.12.3 | 2.6.12.4 | 2.6.12.5 | 2.6.12.6 | 2.6.13 | 2.6.13.1 | 2.6.13.2 | 2.6.13.3 | 2.6.13.4 | 2.6.13.5 | 2.6.14 | 2.6.14.1 | 2.6.14.2 | 2.6.14.3 | 2.6.14.4 | 2.6.14.5 | 2.6.14.6 | 2.6.14.7 | 2.6.15 | 2.6.15.1 | 2.6.15.2 | 2.6.15.3 | 2.6.15.4 | 2.6.15.5 | 2.6.15.6 | 2.6.15.7 | 2.6.16 | 2.6.16.1 | 2.6.16.2 | 2.6.16.3 | 2.6.16.10 | 2.6.16.11 | 2.6.16.12 | 2.6.16.13 | 2.6.16.14 | 2.6.16.15 | 2.6.16.16 | 2.6.16.17 | 2.6.16.18 | 2.6.16.19 | 2.6.16.20 | 2.6.16.21 | 2.6.16.22 | 2.6.16.23 | 2.6.16.24 | 2.6.16.25 | 2.6.16.26 | 2.6.16.27 | 2.6.16.28 | 2.6.16.29 | 2.6.16.30 | 2.6.16.31 | 2.6.16.31:-rc1 | 2.6.16.31:-rc2 | 2.6.16.31:-rc3 | 2.6.16.31:-rc4

References (21)