CVE-2009-1046
Published Mar 23, 2009
Last updated 8 years ago
Overview
- Description
- The console selection feature in the Linux kernel 2.6.28 before 2.6.28.4, 2.6.25, and possibly earlier versions, when the UTF-8 console is used, allows physically proximate attackers to cause a denial of service (memory corruption) by selecting a small number of 3-byte UTF-8 characters, which triggers an "off-by-two memory error." NOTE: it is not clear whether this issue crosses privilege boundaries.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.7
- Impact score
- 6.9
- Exploitability score
- 3.4
- Vector string
- AV:L/AC:M/Au:N/C:N/I:N/A:C
Weaknesses
- nvd@nist.gov
- CWE-399
Vendor comments
- Red HatThis issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 2.1, 3, 4, and 5. It was addressed in Red Hat Enterprise MRG via: https://rhn.redhat.com/errata/RHSA-2009-0451.html .
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.25:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "71295664-89EC-4BB3-9F86-B1DDA20FAC5A"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.28:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "26BD805F-08EB-42EC-BC54-26A7278E5089"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.28.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "217715A5-E69D-45C0-B8E4-5681528C651B"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.28.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A87AD66C-4321-4459-8556-3B0BA38C493A"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.28.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "87A347E0-9C0B-4674-9363-3C36DA27AC45"
}
],
"operator": "OR"
}
]
}
]