CVE-2009-1192
Last modified
CVE-2009-1192 is a vulnerability of currently unknown severity. The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages functions in drivers/char/agp/generic.c in the agp subsystem in the Linux kernel before 2.6.30-rc3 do not zero out pages that may later be available to a user-space process, which allows local users to obtain sensitive information by reading these pages.. EPSS estimates a 0.39% chance of exploitation in the next 30 days.
Description
The (1) agp_generic_alloc_page and (2) agp_generic_alloc_pages functions in drivers/char/agp/generic.c in the agp subsystem in the Linux kernel before 2.6.30-rc3 do not zero out pages that may later be available to a user-space process, which allows local users to obtain sensitive information by reading these pages.
Metrics
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Linux | Linux Kernel | <= 2.6.30 | Rc2 |
| Linux | Linux Kernel | 2.2.27 | — |
| Linux | Linux Kernel | 2.4.36 | — |
| Linux | Linux Kernel | 2.4.36.1 | — |
| Linux | Linux Kernel | 2.4.36.2 | — |
| Linux | Linux Kernel | 2.4.36.3 | — |
| Linux | Linux Kernel | 2.4.36.4 | — |
| Linux | Linux Kernel | 2.4.36.5 | — |
| Linux | Linux Kernel | 2.4.36.6 | — |
| Linux | Linux Kernel | 2.6 | — |
| Linux | Linux Kernel | 2.6.0 | — |
| Linux | Linux Kernel | 2.6.1 | — |
| Linux | Linux Kernel | 2.6.2 | — |
| Linux | Linux Kernel | 2.6.10 | — |
| Linux | Linux Kernel | 2.6.11 | — |
| Linux | Linux Kernel | 2.6.11.1 | — |
| Linux | Linux Kernel | 2.6.11.2 | — |
| Linux | Linux Kernel | 2.6.11.3 | — |
| Linux | Linux Kernel | 2.6.11.4 | — |
| Linux | Linux Kernel | 2.6.11.5 | — |
| Linux | Linux Kernel | 2.6.11.6 | — |
| Linux | Linux Kernel | 2.6.11.7 | — |
| Linux | Linux Kernel | 2.6.11.8 | — |
| Linux | Linux Kernel | 2.6.11.9 | — |
| Linux | Linux Kernel | 2.6.11.10 | — |
| Linux | Linux Kernel | 2.6.11.11 | — |
| Linux | Linux Kernel | 2.6.11.12 | — |
| Linux | Linux Kernel | 2.6.12 | — |
| Linux | Linux Kernel | 2.6.12.1 | — |
| Linux | Linux Kernel | 2.6.12.2 | — |
| Linux | Linux Kernel | 2.6.12.3 | — |
| Linux | Linux Kernel | 2.6.12.4 | — |
| Linux | Linux Kernel | 2.6.12.5 | — |
| Linux | Linux Kernel | 2.6.12.6 | — |
| Linux | Linux Kernel | 2.6.13 | — |
| Linux | Linux Kernel | 2.6.13.1 | — |
| Linux | Linux Kernel | 2.6.13.2 | — |
| Linux | Linux Kernel | 2.6.13.3 | — |
| Linux | Linux Kernel | 2.6.13.4 | — |
| Linux | Linux Kernel | 2.6.13.5 | — |
| Linux | Linux Kernel | 2.6.14 | — |
| Linux | Linux Kernel | 2.6.14.1 | — |
| Linux | Linux Kernel | 2.6.14.2 | — |
| Linux | Linux Kernel | 2.6.14.3 | — |
| Linux | Linux Kernel | 2.6.14.4 | — |
| Linux | Linux Kernel | 2.6.14.5 | — |
| Linux | Linux Kernel | 2.6.14.6 | — |
| Linux | Linux Kernel | 2.6.14.7 | — |
| Linux | Linux Kernel | 2.6.15 | — |
| Linux | Linux Kernel | 2.6.15.1 | — |
Showing 50 of 285 affected configurations. See NVD for the full list.
References
- http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.30-rc3Patch, Vendor Advisory
- http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.30-rc3Patch, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2009-1192?
How severe is CVE-2009-1192?
How do I fix CVE-2009-1192?
Are you affected by CVE-2009-1192?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST