CVE-2009-1185
HIGH severity · CVSS 7.2 · CWE-346
Summary
udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.
Impact & exploitability
Attack vector: Local
Attack complexity: Low
Privileges required: —
User interaction: —
Confidentiality impact: —
Integrity impact: —
Availability impact: —
Exploit probability (EPSS): 82%
AV:L/AC:L/Au:N/C:C/I:C/A:C
Affected products we track (2)
Recommendation
Apply the vendor fix promptly. Open any affected product above for its exact safe version.
Additional information
- NVD record
- http://git.kernel.org/?p=linux/hotplug/udev.git%3Ba=commitdiff%3Bh=e2b362d9f23d4c63018709ab5f81a02f72b91e75
- http://git.kernel.org/?p=linux/hotplug/udev.git%3Ba=commitdiff%3Bh=e86a923d508c2aed371cdd958ce82489cf2ab615
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691 (Advisory)
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 (Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00006.html (Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00012.html (Advisory)
- http://lists.vmware.com/pipermail/security-announce/2009/000060.html (Advisory)
- http://secunia.com/advisories/34731