Skip to navigation

Search

Advanced Search

Register or Log in
Help

Log out
Help
Your account
- Account number
- Account settings

Home
Knowledge
Technical Resources

Knowledgebase

Product Documentation

Tech Briefs

Reference Architectures

Support Essentials

Videos

Source
Additional Resources

Certified Hardware

Webinars

Success Stories

Training
Groups
Online User Groups

Groups Dashboard

Red Hat Enterprise Linux

Red Hat Enterprise Linux 7 Ideas

JBoss Enterprise Middleware

Red Hat Enterprise Virtualization

Getting Started with Red Hat

Site Suggestions
Other

Groups FAQ

Rules of Engagement
Support
Support Cases

Create a New Case

View Support Cases

Phone Numbers & Hours

Severity Definitions

Support Programs

Production Support

Development Support

Technical Account Management

Hardware Certification
Product Life Cycles

Life Cycle & Update Policies

Supported Environments

Certified Hardware

Support Essentials

JBoss Supported Configurations
Help & Assistance

Getting Started

Contacting Red Hat

Management Escalation

Support FAQs

Site Help

Portal FAQs

Login Assistance
Downloads
Red Hat Enterprise Linux

Channels

Downloads

Packages

Evaluations & Demos
JBoss Enterprise Middleware

Downloads

Evaluations & Demos
Red Hat Storage

Downloads

Additional Downloads

Fonts
Security
Security Updates

Active Products

End-of-Life Products

Notifications & Advisories

Resources

CVE Database

Security Measurement

Product Signing (GPG) Keys
Policies & Definitions

Severity Ratings

Backporting Policy
Security Team

Security Response Team

Security Contacts
Subscriptions
Subscriptions

Overview

Active Subscriptions

Renewals

Order History

Activate a New Subscription
Certificate-based Management

Consumers List

Classic Management

Entitlements

Systems

Groups
Organization

Users & Permissions

CVE index by year
- 2012 CVE
- 2011 CVE
- 2010 CVE
- 2009 CVE
- - CVE-2009-2848
- 2008 CVE
- 2007 CVE
- 2006 CVE
- 2005 CVE
- 2004 CVE
- 2003 CVE
- 2002 CVE
- 2001 CVE
- 2000 CVE
- 1999 CVE

CVE Database

CVE-2009-2848

Impact:	Important (classification)
Public:	July 31 2009
Bugzilla:	515423: CVE-2009-2848 kernel: execve: must clear current->clear_child_tid

Details

The MITRE CVE dictionary describes this issue as:

The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit.

Find out more about CVE-2009-2848 from the MITRE CVE dictionary and NIST NVD.

CVSS v2 metrics

Base Score:	7.2	Base Metrics:	AV:L/AC:L/Au:N/C:C/I:C/A:C
Access Vector:	Local	Confidentiality Impact:	Complete
Access Complexity:	Low	Integrity Impact:	Complete
Authentication:	None	Availability Impact:	Complete

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat security errata

Platform	Errata	Release Date
MRG Grid for RHEL 5 Server (kernel-rt)	RHSA-2009:1239	September 01 2009
Red Hat Enterprise Linux version 5 (kernel)	RHSA-2009:1243	September 02 2009
Red Hat Enterprise Linux version 4 (kernel)	RHSA-2009:1438	September 15 2009
Red Hat Enterprise Linux EUS (v. 5.3 server) (kernel)	RHSA-2009:1466	September 29 2009
Red Hat Enterprise Linux version 3 (kernel)	RHSA-2009:1550	November 03 2009

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Red Hat Security Response Team.

Copyright © 2011 Red Hat, Inc.