CVE-2009-2847 : The do_sigaltstack function in kernel/signal.c in Linux kernel 2.4 through 2.4.37 and 2.6 before 2.6.31-rc5, when runnin

The do_sigaltstack function in kernel/signal.c in Linux kernel 2.4 through 2.4.37 and 2.6 before 2.6.31-rc5, when running on 64-bit systems, does not clear certain padding bytes from a structure, which allows local users to obtain sensitive information from the kernel stack via the sigaltstack function.

Published 2009-08-18 21:00:00

Updated 2018-10-10 19:42:18

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2009-2847

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ % EPSS Score History EPSS FAQ

CVSS scores for CVE-2009-2847

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.9	MEDIUM	AV:L/AC:L/Au:N/C:C/I:N/A:N	3.9	6.9	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: None Availability Impact: None

Vendor statements for CVE-2009-2847

Red Hat 2009-09-15

This issue has been rated as having moderate security impact. It was addressed in Red Hat Enterprise Linux 4, 5 and Red Hat Enterprise MRG: http://rhn.redhat.com/cve/CVE-2009-2847.html This issue is not planned to be fixed in Red Hat Enterprise Linux 3, due to this product being in Production 3 of its maintenance life-cycle, where only qualified security errata of important or critical impact are addressed. For further information about Errata Support Policy, visit: http://www.redhat.com/security/updates/errata/

References for CVE-2009-2847

http://www.redhat.com/support/errata/RHSA-2009-1438.html

Support

CVEs referencing this url
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=0083fc2c50e6c5127c2802ad323adf8143ab7856

Exploit
http://www.vmware.com/security/advisories/VMSA-2009-0016.html

VMSA-2009-0016.6

CVEs referencing this url
http://www.vupen.com/english/advisories/2009/3316

Webmail: access your OVH emails on ovhcloud.com | OVHcloud

CVEs referencing this url
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10637
http://www.openwall.com/lists/oss-security/2009/08/04/1

Patch
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8405
https://www.redhat.com/archives/fedora-package-announce/2009-August/msg01256.html

CVEs referencing this url
http://www.ubuntu.com/usn/USN-852-1

USN-852-1: Linux kernel vulnerabilities | Ubuntu security notices | Ubuntu

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=515392

Patch
http://www.securityfocus.com/archive/1/507985/100/0/threaded

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2009/08/26/2
http://www.openwall.com/lists/oss-security/2009/08/05/1

Patch
http://www.exploit-db.com/exploits/9352
http://rhn.redhat.com/errata/RHSA-2009-1243.html

CVEs referencing this url

Products affected by CVE-2009-2847

Linux » Linux Kernel » Update -rc5
Versions up to, including, (<=) 2.6.16.31
cpe:2.3:o:linux:linux_kernel:*:-rc5:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.0
cpe:2.3:o:linux:linux_kernel:2.6.0:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.1
cpe:2.3:o:linux:linux_kernel:2.6.1:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.10
cpe:2.3:o:linux:linux_kernel:2.6.10:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.11.7
cpe:2.3:o:linux:linux_kernel:2.6.11.7:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.11.8
cpe:2.3:o:linux:linux_kernel:2.6.11.8:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.11.5
cpe:2.3:o:linux:linux_kernel:2.6.11.5:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.11.6
cpe:2.3:o:linux:linux_kernel:2.6.11.6:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.11
cpe:2.3:o:linux:linux_kernel:2.6.11:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.11.1
cpe:2.3:o:linux:linux_kernel:2.6.11.1:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.11.2
cpe:2.3:o:linux:linux_kernel:2.6.11.2:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.11.3
cpe:2.3:o:linux:linux_kernel:2.6.11.3:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.11.4
cpe:2.3:o:linux:linux_kernel:2.6.11.4:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.11.11
cpe:2.3:o:linux:linux_kernel:2.6.11.11:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.13.4
cpe:2.3:o:linux:linux_kernel:2.6.13.4:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.13.3
cpe:2.3:o:linux:linux_kernel:2.6.13.3:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.12.3
cpe:2.3:o:linux:linux_kernel:2.6.12.3:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.12.2
cpe:2.3:o:linux:linux_kernel:2.6.12.2:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.13.5
cpe:2.3:o:linux:linux_kernel:2.6.13.5:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.12.5
cpe:2.3:o:linux:linux_kernel:2.6.12.5:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.12.4
cpe:2.3:o:linux:linux_kernel:2.6.12.4:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.13.2
cpe:2.3:o:linux:linux_kernel:2.6.13.2:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.13.1
cpe:2.3:o:linux:linux_kernel:2.6.13.1:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.12.1
cpe:2.3:o:linux:linux_kernel:2.6.12.1:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.12
cpe:2.3:o:linux:linux_kernel:2.6.12:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.11.12
cpe:2.3:o:linux:linux_kernel:2.6.11.12:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.13
cpe:2.3:o:linux:linux_kernel:2.6.13:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.12.6
cpe:2.3:o:linux:linux_kernel:2.6.12.6:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.11.9
cpe:2.3:o:linux:linux_kernel:2.6.11.9:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.11.10
cpe:2.3:o:linux:linux_kernel:2.6.11.10:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.14.4
cpe:2.3:o:linux:linux_kernel:2.6.14.4:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.14.2
cpe:2.3:o:linux:linux_kernel:2.6.14.2:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.14.5
cpe:2.3:o:linux:linux_kernel:2.6.14.5:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.14.3
cpe:2.3:o:linux:linux_kernel:2.6.14.3:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.14.1
cpe:2.3:o:linux:linux_kernel:2.6.14.1:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.14.6
cpe:2.3:o:linux:linux_kernel:2.6.14.6:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.14
cpe:2.3:o:linux:linux_kernel:2.6.14:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.14.7
cpe:2.3:o:linux:linux_kernel:2.6.14.7:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.15
cpe:2.3:o:linux:linux_kernel:2.6.15:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.15.5
cpe:2.3:o:linux:linux_kernel:2.6.15.5:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.15.2
cpe:2.3:o:linux:linux_kernel:2.6.15.2:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.15.3
cpe:2.3:o:linux:linux_kernel:2.6.15.3:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.15.4
cpe:2.3:o:linux:linux_kernel:2.6.15.4:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.15.1
cpe:2.3:o:linux:linux_kernel:2.6.15.1:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.16
cpe:2.3:o:linux:linux_kernel:2.6.16:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.15.7
cpe:2.3:o:linux:linux_kernel:2.6.15.7:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.15.6
cpe:2.3:o:linux:linux_kernel:2.6.15.6:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.16.1
cpe:2.3:o:linux:linux_kernel:2.6.16.1:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.16.3
cpe:2.3:o:linux:linux_kernel:2.6.16.3:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.16.2
cpe:2.3:o:linux:linux_kernel:2.6.16.2:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.16.12
cpe:2.3:o:linux:linux_kernel:2.6.16.12:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.16.13
cpe:2.3:o:linux:linux_kernel:2.6.16.13:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.16.14
cpe:2.3:o:linux:linux_kernel:2.6.16.14:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.16.15
cpe:2.3:o:linux:linux_kernel:2.6.16.15:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.16.10
cpe:2.3:o:linux:linux_kernel:2.6.16.10:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.16.11
cpe:2.3:o:linux:linux_kernel:2.6.16.11:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.16.16
cpe:2.3:o:linux:linux_kernel:2.6.16.16:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.16.20
cpe:2.3:o:linux:linux_kernel:2.6.16.20:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.16.19
cpe:2.3:o:linux:linux_kernel:2.6.16.19:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.16.17
cpe:2.3:o:linux:linux_kernel:2.6.16.17:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.16.18
cpe:2.3:o:linux:linux_kernel:2.6.16.18:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.16.22
cpe:2.3:o:linux:linux_kernel:2.6.16.22:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.16.21
cpe:2.3:o:linux:linux_kernel:2.6.16.21:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.16.23
cpe:2.3:o:linux:linux_kernel:2.6.16.23:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.16.30
cpe:2.3:o:linux:linux_kernel:2.6.16.30:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.16.31
cpe:2.3:o:linux:linux_kernel:2.6.16.31:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.16.26
cpe:2.3:o:linux:linux_kernel:2.6.16.26:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.16.27
cpe:2.3:o:linux:linux_kernel:2.6.16.27:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.16.29
cpe:2.3:o:linux:linux_kernel:2.6.16.29:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.16.24
cpe:2.3:o:linux:linux_kernel:2.6.16.24:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.16.25
cpe:2.3:o:linux:linux_kernel:2.6.16.25:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.16.28
cpe:2.3:o:linux:linux_kernel:2.6.16.28:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6
cpe:2.3:o:linux:linux_kernel:2.6:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.16.31 Update -rc4
cpe:2.3:o:linux:linux_kernel:2.6.16.31:-rc4:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.16.31 Update -rc2
cpe:2.3:o:linux:linux_kernel:2.6.16.31:-rc2:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.16.31 Update -rc1
cpe:2.3:o:linux:linux_kernel:2.6.16.31:-rc1:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Linux Kernel » Version: 2.6.16.31 Update -rc3
cpe:2.3:o:linux:linux_kernel:2.6.16.31:-rc3:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Kernel » Version: 2.6.24.7
cpe:2.3:a:linux:kernel:2.6.24.7:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition
Linux » Kernel » Version: 2.6.25.15
cpe:2.3:a:linux:kernel:2.6.25.15:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux » X64 Edition

Vulnerability Details : CVE-2009-2847

Exploit prediction scoring system (EPSS) score for CVE-2009-2847

CVSS scores for CVE-2009-2847

Vendor statements for CVE-2009-2847

References for CVE-2009-2847

Products affected by CVE-2009-2847