Lucene search

MitreCVE-2009-2584

HistoryJul 23, 2009 - 8:30 p.m.

CVE-2009-2584

2009-07-2320:30:00

CWE-189

mitre

web.nvd.nist.gov

cve

2009

sgi

gru

linux kernel

buffer overflow

memory overwrite

privilege escalation

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.3

Confidence

High

EPSS

Percentile

9.8%

JSON

Off-by-one error in the options_write function in drivers/misc/sgi-gru/gruprocfs.c in the SGI GRU driver in the Linux kernel 2.6.30.2 and earlier on ia64 and x86 platforms might allow local users to overwrite arbitrary memory locations and gain privileges via a crafted count argument, which triggers a stack-based buffer overflow.

Affected configurations

Nvd

Node

linuxlinux_kernelRange≤2.6.30.2

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::

References

grsecurity.net/~spender/exploit_demo.c

lkml.org/lkml/2009/7/20/348

lkml.org/lkml/2009/7/20/362

secunia.com/advisories/37105

www.securityfocus.com/bid/35753

www.ubuntu.com/usn/USN-852-1

xorl.wordpress.com/2009/07/21/linux-kernel-sgi-gru-driver-off-by-one-overwrite/

exchange.xforce.ibmcloud.com/vulnerabilities/51887

Social References

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.3

Confidence

High

EPSS

Percentile

9.8%

JSON

Related for CVE-2009-2584