CVE-2009-2848

Description

The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit.

Affected products

• Canonical / Ubuntu Linux9.04 – 9.04
• Canonical / Ubuntu Linux8.10 – 8.10
• Canonical / Ubuntu Linux8.04 – 8.04
• Canonical / Ubuntu Linux6.06 – 6.06
• fedoraproject / fedora11 – 11
• Linux / Linux kernel2.6.30 – 2.6.30
• Linux / Linux kernel2.6.30 – 2.6.30
• Linux / Linux kernel2.6.30 – 2.6.30
• Linux / Linux kernel2.6.29.5
• Linux / Linux kernel2.6.30 – 2.6.30
• Linux / Linux kernel2.6.30 – 2.6.30
• Linux / Linux kernel2.6.30 – 2.6.30
• Linux / Linux kernel2.6.30 – 2.6.30
• Novell / linux_desktop9 – 9
• openSUSE / opensuse11.0 – 11.0
• RedHat / enterprise_linux_desktop5.0 – 5.0
• RedHat / enterprise_linux_desktop3.0 – 3.0
• RedHat / enterprise_linux_server5.0 – 5.0
• RedHat / enterprise_linux_server3.0 – 3.0
• RedHat / enterprise_linux_workstation5.0 – 5.0
• RedHat / enterprise_linux_workstation3.0 – 3.0
• SUSE / linux_enterprise_desktop10 – 10
• SUSE / linux_enterprise_server10 – 10
• SUSE / linux_enterprise_server9 – 9
• VMware / esx4.0 – 4.0
• VMware / vma4.0 – 4.0

References

• MISChttp://www.securityfocus.com/archive/1/512019/100/0/threaded
• VENDOR_ADVISORYhttp://secunia.com/advisories/37471
• VENDOR_ADVISORYhttp://www.ubuntu.com/usn/USN-852-1
• MISChttp://rhn.redhat.com/errata/RHSA-2009-1243.html
• VENDOR_ADVISORYhttp://secunia.com/advisories/36759
• VENDOR_ADVISORYhttp://www.vmware.com/security/advisories/VMSA-2009-0016.html
• VENDOR_ADVISORYhttp://secunia.com/advisories/37351
• MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2009-11/msg00007.html
• MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9766
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11412
• MISChttp://www.securityfocus.com/archive/1/507985/100/0/threaded
• VENDOR_ADVISORYhttp://secunia.com/advisories/36562
• MISChttps://www.redhat.com/archives/fedora-package-announce/2009-August/msg01256.html
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/52899
• MISChttp://article.gmane.org/gmane.linux.kernel/871942
• VENDOR_ADVISORYhttp://secunia.com/advisories/35983
• MISChttps://rhn.redhat.com/errata/RHSA-2009-1550.html
• VENDOR_ADVISORYhttp://secunia.com/advisories/36501
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8598
• MAILING_LISThttp://www.openwall.com/lists/oss-security/2009/08/04/2
• MAILING_LISThttp://www.openwall.com/lists/oss-security/2009/08/05/10
• MISChttp://www.redhat.com/support/errata/RHSA-2009-1438.html
• MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2009-11/msg00005.html
• VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2009/3316
• VENDOR_ADVISORYhttp://secunia.com/advisories/37105