CVE-2009-1298

Name: CVE-2009-1298
Creator: NVD / NIST
Published: 2009-12-08T23:30:00.203+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 3.87%

Last modified Jun 16, 2026

CVE-2009-1298 is a vulnerability of currently unknown severity. The ip_frag_reasm function in net/ipv4/ip_fragment.c in the Linux kernel 2.6.32-rc8, and 2.6.29 and later versions before 2.6.32, calls IP_INC_STATS_BH with an incorrect argument, which allows remote attackers to cause a denial of service (NULL pointer dereference and hang) via long IP packets, possibly related to the ip_defrag function.. EPSS estimates a 3.87% chance of exploitation in the next 30 days.

Description

The ip_frag_reasm function in net/ipv4/ip_fragment.c in the Linux kernel 2.6.32-rc8, and 2.6.29 and later versions before 2.6.32, calls IP_INC_STATS_BH with an incorrect argument, which allows remote attackers to cause a denial of service (NULL pointer dereference and hang) via long IP packets, possibly related to the ip_defrag function.

Metrics

EPSS Probability

3.87%

88.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-119

Affected Software

Vendor	Product	Versions	Update
Linux	Linux Kernel	<= 2.6.32	Rc8
Linux	Linux Kernel	2.6.28	—
Linux	Linux Kernel	2.6.28.1	—
Linux	Linux Kernel	2.6.28.2	—
Linux	Linux Kernel	2.6.28.3	—
Linux	Linux Kernel	2.6.28.4	—
Linux	Linux Kernel	2.6.28.5	—
Linux	Linux Kernel	2.6.28.6	—
Linux	Linux Kernel	2.6.28.7	—
Linux	Linux Kernel	2.6.28.8	—
Linux	Linux Kernel	2.6.28.9	—
Linux	Linux Kernel	2.6.28.10	—
Linux	Linux Kernel	2.6.29	—
Linux	Linux Kernel	2.6.29.1	—
Linux	Linux Kernel	2.6.29.2	—
Linux	Linux Kernel	2.6.29.3	—
Linux	Linux Kernel	2.6.29.4	—
Linux	Linux Kernel	2.6.29.5	—
Linux	Linux Kernel	2.6.29.6	—
Linux	Linux Kernel	2.6.30	—
Linux	Linux Kernel	2.6.30.1	—
Linux	Linux Kernel	2.6.30.2	—
Linux	Linux Kernel	2.6.30.3	—
Linux	Linux Kernel	2.6.30.4	—
Linux	Linux Kernel	2.6.30.5	—
Linux	Linux Kernel	2.6.30.6	—
Linux	Linux Kernel	2.6.30.7	—
Linux	Linux Kernel	2.6.30.8	—
Linux	Linux Kernel	2.6.30.9	—
Linux	Linux Kernel	2.6.31	—
Linux	Linux Kernel	2.6.31.1	—
Linux	Linux Kernel	2.6.31.2	—
Linux	Linux Kernel	2.6.31.3	—
Linux	Linux Kernel	2.6.31.4	—
Linux	Linux Kernel	2.6.31.5	—
Linux	Linux Kernel	2.6.31.6	—
Linux	Linux Kernel	2.6.32	—

References

Timeline

Published: Dec 8, 2009
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2009-1298?

How severe is CVE-2009-1298?

Severity scoring for CVE-2009-1298 is pending analysis. The EPSS model estimates a 3.87% probability of exploitation in the next 30 days.

How do I fix CVE-2009-1298?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2009-1298?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST