
Debian DSA-1928-1 Critical: Linux 2.6.24 Kernel Privilege Escalation

November 5, 2009
In response to various security flaws in Linux kernel version 2.6.24, the Debian team urges users to apply patches promptly to reduce threats such as unauthorized access.

Summary

Several vulnerabilities have been discovered in the Linux kernel that
may lead to a denial of service, sensitive memory leak or privilege
escalation. The Common Vulnerabilities and Exposures project
identifies the following problems:

CVE-2009-2846

Michael Buesch noticed a typing issue in the eisa-eeprom driver
for the hppa architecture. Local users could exploit this issue to
gain access to restricted memory.

CVE-2009-2847

Ulrich Drepper noticed an issue in the do_sigaltstack routine on
64-bit systems. This issue allows local users to gain access to
potentially sensitive memory on the kernel stack.

CVE-2009-2848

Eric Dumazet discovered an issue in the execve path, where the
clear_child_tid variable was not being properly cleared. Local
users could exploit this issue to cause a denial of service
(memory corruption).

CVE-2009-2849

Neil Brown discovered an issue in the sysfs interface to md
devices. When md arrays are not active, local users can exploit
...


Severity: critical

Package: linux-2.6.24
