CVE-2009-0029 (GCVE-0-2009-0029)
Vulnerability from cvelistv5
Published
2009-01-15 17:00
Modified
2024-08-07 04:17
Severity ?
CWE
  • n/a
Summary
The ABI in the Linux kernel 2.6.28 and earlier on s390, powerpc, sparc64, and mips 64-bit platforms requires that a 32-bit argument in a 64-bit register was properly sign extended when sent from a user-mode application, but cannot verify this, which allows local users to cause a denial of service (crash) or possibly gain privileges via a crafted system call.
References
secalert@redhat.com http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00003.html Third Party Advisory
secalert@redhat.com http://marc.info/?l=linux-kernel&m=123155111608910&w=2 Mailing List, Third Party Advisory
secalert@redhat.com http://secunia.com/advisories/33477 Third Party Advisory
secalert@redhat.com http://secunia.com/advisories/33674 Third Party Advisory
secalert@redhat.com http://secunia.com/advisories/34394 Third Party Advisory
secalert@redhat.com http://secunia.com/advisories/34981 Third Party Advisory
secalert@redhat.com http://secunia.com/advisories/35011 Third Party Advisory
secalert@redhat.com http://www.debian.org/security/2009/dsa-1749 Third Party Advisory
secalert@redhat.com http://www.debian.org/security/2009/dsa-1787 Third Party Advisory
secalert@redhat.com http://www.debian.org/security/2009/dsa-1794 Third Party Advisory
secalert@redhat.com http://www.mandriva.com/security/advisories?name=MDVSA-2009:135 Third Party Advisory
secalert@redhat.com http://www.securityfocus.com/bid/33275 Third Party Advisory, VDB Entry
secalert@redhat.com https://bugzilla.redhat.com/show_bug.cgi?id=479969 Third Party Advisory
secalert@redhat.com https://www.redhat.com/archives/fedora-package-announce/2009-January/msg01045.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00003.html Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://marc.info/?l=linux-kernel&m=123155111608910&w=2 Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/33477 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/33674 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/34394 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/34981 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://secunia.com/advisories/35011 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2009/dsa-1749 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2009/dsa-1787 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.debian.org/security/2009/dsa-1794 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.mandriva.com/security/advisories?name=MDVSA-2009:135 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 http://www.securityfocus.com/bid/33275 Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108 https://bugzilla.redhat.com/show_bug.cgi?id=479969 Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108 https://www.redhat.com/archives/fedora-package-announce/2009-January/msg01045.html Third Party Advisory
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:17:10.370Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "MDVSA-2009:135",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:135"
          },
          {
            "name": "33477",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33477"
          },
          {
            "name": "SUSE-SA:2009:010",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00003.html"
          },
          {
            "name": "33275",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/33275"
          },
          {
            "name": "DSA-1749",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1749"
          },
          {
            "name": "DSA-1794",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1794"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=479969"
          },
          {
            "name": "33674",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33674"
          },
          {
            "name": "35011",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35011"
          },
          {
            "name": "34981",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34981"
          },
          {
            "name": "34394",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34394"
          },
          {
            "name": "DSA-1787",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1787"
          },
          {
            "name": "FEDORA-2009-0816",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg01045.html"
          },
          {
            "name": "[linux-kernel] 20090110 Re: [PATCH -v7][RFC]: mutex: implement adaptive spinning",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://marc.info/?l=linux-kernel\u0026m=123155111608910\u0026w=2"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-01-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The ABI in the Linux kernel 2.6.28 and earlier on s390, powerpc, sparc64, and mips 64-bit platforms requires that a 32-bit argument in a 64-bit register was properly sign extended when sent from a user-mode application, but cannot verify this, which allows local users to cause a denial of service (crash) or possibly gain privileges via a crafted system call."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2009-01-29T10:00:00",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "MDVSA-2009:135",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:135"
        },
        {
          "name": "33477",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33477"
        },
        {
          "name": "SUSE-SA:2009:010",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00003.html"
        },
        {
          "name": "33275",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/33275"
        },
        {
          "name": "DSA-1749",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1749"
        },
        {
          "name": "DSA-1794",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1794"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=479969"
        },
        {
          "name": "33674",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33674"
        },
        {
          "name": "35011",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35011"
        },
        {
          "name": "34981",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34981"
        },
        {
          "name": "34394",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34394"
        },
        {
          "name": "DSA-1787",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1787"
        },
        {
          "name": "FEDORA-2009-0816",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2009-January/msg01045.html"
        },
        {
          "name": "[linux-kernel] 20090110 Re: [PATCH -v7][RFC]: mutex: implement adaptive spinning",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://marc.info/?l=linux-kernel\u0026m=123155111608910\u0026w=2"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-0029",
    "datePublished": "2009-01-15T17:00:00",
    "dateReserved": "2008-12-15T00:00:00",
    "dateUpdated": "2024-08-07T04:17:10.370Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2009-0029\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2009-01-15T17:30:00.467\",\"lastModified\":\"2025-04-09T00:30:58.490\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The ABI in the Linux kernel 2.6.28 and earlier on s390, powerpc, sparc64, and mips 64-bit platforms requires that a 32-bit argument in a 64-bit register was properly sign extended when sent from a user-mode application, but cannot verify this, which allows local users to cause a denial of service (crash) or possibly gain privileges via a crafted system call.\"},{\"lang\":\"es\",\"value\":\"ABI en el kernel de Linux v2.6.28 y anteriores sobre las plataformas s390, powerpc, sparc64, y mips 64-bit requiere que un argumento de 32-bit en un registro de 64-bit sea firmado adecuadamente cuando se env\u00eda una aplicaci\u00f3n en modo de usuario, pero esto no lo puede realizar, lo que permitir\u00eda a usuarios locales producir una denegaci\u00f3n de servicio (ca\u00edda) o ganar privilegios a trav\u00e9s de una llamada al sistema manipulada.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.6.28\",\"matchCriteriaId\":\"9B5B312F-E76A-43E1-A73F-31535848D55B\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F92AB32-E7DE-43F4-B877-1F41FA162EC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C757774-08E7-40AA-B532-6F705C8F7639\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00003.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=linux-kernel\u0026m=123155111608910\u0026w=2\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/33477\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/33674\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/34394\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/34981\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/35011\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2009/dsa-1749\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2009/dsa-1787\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2009/dsa-1794\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:135\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/33275\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=479969\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-January/msg01045.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00003.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://marc.info/?l=linux-kernel\u0026m=123155111608910\u0026w=2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/33477\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/33674\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/34394\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/34981\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/35011\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2009/dsa-1749\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2009/dsa-1787\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2009/dsa-1794\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2009:135\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/33275\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=479969\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.redhat.com/archives/fedora-package-announce/2009-January/msg01045.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"This flaw affects most 64-bit architectures, including IBM S/390 and 64-bit PowerPC, but it does not affect x86_64 or Intel Itanium. The risks associated with fixing this flaw are greater than the security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 3, 4, or 5. Red Hat Enterprise MRG is not affected as it is not supported on 64-bit architectures other than x86_64.\",\"lastModified\":\"2009-06-09T00:00:00\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.