CVE-2009-0269

Name: CVE-2009-0269
Creator: NVD / NIST
Published: 2009-01-26T15:30:04.967+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.50%

Last modified Jun 16, 2026

CVE-2009-0269 is a vulnerability of currently unknown severity. fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel before 2.6.28.1 allows local users to cause a denial of service (fault or memory corruption), or possibly have unspecified other impact, via a readlink call that results in an error, leading to use of a -1 return value as an array index.. EPSS estimates a 0.50% chance of exploitation in the next 30 days.

Description

fs/ecryptfs/inode.c in the eCryptfs subsystem in the Linux kernel before 2.6.28.1 allows local users to cause a denial of service (fault or memory corruption), or possibly have unspecified other impact, via a readlink call that results in an error, leading to use of a -1 return value as an array index.

Metrics

EPSS Probability

0.50%

39.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-787

Affected Software

Vendor	Product	Versions
Linux	Linux Kernel	< 2.6.28.1
Opensuse	Opensuse	10.3
Opensuse	Opensuse	11.0
Opensuse	Opensuse	11.1
Debian	Debian Linux	4.0
Debian	Debian Linux	5.0
Canonical	Ubuntu Linux	7.10
Canonical	Ubuntu Linux	8.04
Canonical	Ubuntu Linux	8.10

References

http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git%3Ba=commit%3Bh=a17d5232de7b53d34229de79ec22f4bb04adb7e4Broken Link
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00003.htmlMailing List
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.htmlMailing List
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.htmlMailing List
http://secunia.com/advisories/33758Broken Link
http://secunia.com/advisories/34394Broken Link
http://secunia.com/advisories/34502Broken Link
http://secunia.com/advisories/34981Broken Link
http://secunia.com/advisories/35390Broken Link
http://secunia.com/advisories/35394Broken Link
http://secunia.com/advisories/37471Broken Link
http://www.debian.org/security/2009/dsa-1749Mailing List
http://www.debian.org/security/2009/dsa-1787Mailing List
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.1Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2009:118Broken Link
http://www.redhat.com/support/errata/RHSA-2009-0326.htmlBroken Link
http://www.redhat.com/support/errata/RHSA-2009-0360.htmlBroken Link
http://www.securityfocus.com/archive/1/507985/100/0/threadedBroken Link, Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/33412Broken Link, Patch, Third Party Advisory, VDB Entry
http://www.ubuntu.com/usn/usn-751-1Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2009-0016.htmlThird Party Advisory
http://www.vupen.com/english/advisories/2009/3316Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/48188Broken Link, VDB Entry
https://lists.launchpad.net/ecryptfs-devel/msg00010.htmlMailing List, Third Party Advisory
https://lists.launchpad.net/ecryptfs-devel/msg00011.htmlMailing List, Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8169Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8944Broken Link
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git%3Ba=commit%3Bh=a17d5232de7b53d34229de79ec22f4bb04adb7e4Broken Link
http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00003.htmlMailing List
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00000.htmlMailing List
http://lists.opensuse.org/opensuse-security-announce/2009-06/msg00001.htmlMailing List
http://secunia.com/advisories/33758Broken Link
http://secunia.com/advisories/34394Broken Link
http://secunia.com/advisories/34502Broken Link
http://secunia.com/advisories/34981Broken Link
http://secunia.com/advisories/35390Broken Link
http://secunia.com/advisories/35394Broken Link
http://secunia.com/advisories/37471Broken Link
http://www.debian.org/security/2009/dsa-1749Mailing List
http://www.debian.org/security/2009/dsa-1787Mailing List
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.28.1Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2009:118Broken Link
http://www.redhat.com/support/errata/RHSA-2009-0326.htmlBroken Link
http://www.redhat.com/support/errata/RHSA-2009-0360.htmlBroken Link
http://www.securityfocus.com/archive/1/507985/100/0/threadedBroken Link, Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/33412Broken Link, Patch, Third Party Advisory, VDB Entry
http://www.ubuntu.com/usn/usn-751-1Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2009-0016.htmlThird Party Advisory
http://www.vupen.com/english/advisories/2009/3316Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/48188Broken Link, VDB Entry
https://lists.launchpad.net/ecryptfs-devel/msg00010.htmlMailing List, Third Party Advisory
https://lists.launchpad.net/ecryptfs-devel/msg00011.htmlMailing List, Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8169Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8944Broken Link

Timeline

Published: Jan 26, 2009
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2009-0269?

How severe is CVE-2009-0269?

Severity scoring for CVE-2009-0269 is pending analysis. The EPSS model estimates a 0.50% probability of exploitation in the next 30 days.

How do I fix CVE-2009-0269?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2009-0269?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST