CVE-2009-2692

Name: CVE-2009-2692
Creator: NVD / NIST
Published: 2009-08-14T15:16:27.5+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.8/10EPSS 14.75%

Last modified Jun 16, 2026

CVE-2009-2692 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.. EPSS estimates a 14.75% chance of exploitation in the next 30 days.

Description

The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using mmap to map page zero, placing arbitrary code on this page, and then invoking an unavailable operation, as demonstrated by the sendpage operation (sock_sendpage function) on a PF_PPPOX socket.

Metrics

CVSS 3.1

7.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

14.75%

96.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-908

Affected Software

Vendor	Product	Versions
Linux	Linux Kernel	>= 2.4.4, < 2.4.37.5
Linux	Linux Kernel	>= 2.6.0, < 2.6.30.5
Debian	Debian Linux	4.0
Suse	Linux Enterprise Real Time	10
Redhat	Enterprise Linux Desktop	4.0
Redhat	Enterprise Linux Desktop	5.0
Redhat	Enterprise Linux Eus	4.8
Redhat	Enterprise Linux Eus	5.3
Redhat	Enterprise Linux Server	4.0
Redhat	Enterprise Linux Server	5.0
Redhat	Enterprise Linux Server Aus	5.3
Redhat	Enterprise Linux Workstation	4.0
Redhat	Enterprise Linux Workstation	5.0

References

http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.htmlBroken Link, Exploit
http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.htmlExploit, Issue Tracking
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git%3Ba=commit%3Bh=c18d0fe535a73b219f960d1af3d0c264555a12e3Broken Link
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e694958388c50148389b0e9b9e9e8945cf0f1b98Broken Link
http://grsecurity.net/~spender/wunderbar_emporium.tgzBroken Link
http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.htmlMailing List
http://rhn.redhat.com/errata/RHSA-2009-1222.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2009-1223.htmlThird Party Advisory
http://secunia.com/advisories/36278Broken Link, Vendor Advisory
http://secunia.com/advisories/36289Broken Link, Vendor Advisory
http://secunia.com/advisories/36327Broken Link, Vendor Advisory
http://secunia.com/advisories/36430Broken Link, Vendor Advisory
http://secunia.com/advisories/37298Broken Link, Vendor Advisory
http://secunia.com/advisories/37471Broken Link, Vendor Advisory
http://support.avaya.com/css/P8/documents/100067254Third Party Advisory
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0121Broken Link
http://www.debian.org/security/2009/dsa-1865Mailing List, Third Party Advisory
http://www.exploit-db.com/exploits/19933Exploit, Third Party Advisory, VDB Entry
http://www.exploit-db.com/exploits/9477Third Party Advisory, VDB Entry
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.5Broken Link, Vendor Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5Broken Link, Vendor Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc6Broken Link, Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2009:233Broken Link
http://www.openwall.com/lists/oss-security/2009/08/14/1Mailing List, Patch
http://www.redhat.com/support/errata/RHSA-2009-1233.htmlBroken Link
http://www.securityfocus.com/archive/1/505751/100/0/threadedBroken Link, Third Party Advisory, VDB Entry
http://www.securityfocus.com/archive/1/505912/100/0/threadedBroken Link, Third Party Advisory, VDB Entry
http://www.securityfocus.com/archive/1/507985/100/0/threadedBroken Link, Third Party Advisory, VDB Entry
http://www.securityfocus.com/archive/1/512019/100/0/threadedBroken Link, Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/36038Broken Link, Exploit, Third Party Advisory, VDB Entry
http://www.vmware.com/security/advisories/VMSA-2009-0016.htmlThird Party Advisory
http://www.vupen.com/english/advisories/2009/2272Broken Link, Patch, Vendor Advisory
http://www.vupen.com/english/advisories/2009/3316Broken Link, Vendor Advisory
http://zenthought.org/content/file/android-root-2009-08-16-sourceBroken Link
https://bugzilla.redhat.com/show_bug.cgi?id=516949Issue Tracking, Patch
https://issues.rpath.com/browse/RPL-3103Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11526Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11591Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8657Broken Link
http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0174.htmlBroken Link, Exploit
http://blog.cr0.org/2009/08/linux-null-pointer-dereference-due-to.htmlExploit, Issue Tracking
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.4.37.y.git%3Ba=commit%3Bh=c18d0fe535a73b219f960d1af3d0c264555a12e3Broken Link
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e694958388c50148389b0e9b9e9e8945cf0f1b98Broken Link
http://grsecurity.net/~spender/wunderbar_emporium.tgzBroken Link
http://lists.opensuse.org/opensuse-security-announce/2009-09/msg00001.htmlMailing List
http://rhn.redhat.com/errata/RHSA-2009-1222.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2009-1223.htmlThird Party Advisory
http://secunia.com/advisories/36278Broken Link, Vendor Advisory
http://secunia.com/advisories/36289Broken Link, Vendor Advisory
http://secunia.com/advisories/36327Broken Link, Vendor Advisory
http://secunia.com/advisories/36430Broken Link, Vendor Advisory
http://secunia.com/advisories/37298Broken Link, Vendor Advisory
http://secunia.com/advisories/37471Broken Link, Vendor Advisory
http://support.avaya.com/css/P8/documents/100067254Third Party Advisory
http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0121Broken Link
http://www.debian.org/security/2009/dsa-1865Mailing List, Third Party Advisory
http://www.exploit-db.com/exploits/19933Exploit, Third Party Advisory, VDB Entry
http://www.exploit-db.com/exploits/9477Third Party Advisory, VDB Entry
http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.5Broken Link, Vendor Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5Broken Link, Vendor Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc6Broken Link, Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2009:233Broken Link
http://www.openwall.com/lists/oss-security/2009/08/14/1Mailing List, Patch
http://www.redhat.com/support/errata/RHSA-2009-1233.htmlBroken Link
http://www.securityfocus.com/archive/1/505751/100/0/threadedBroken Link, Third Party Advisory, VDB Entry
http://www.securityfocus.com/archive/1/505912/100/0/threadedBroken Link, Third Party Advisory, VDB Entry
http://www.securityfocus.com/archive/1/507985/100/0/threadedBroken Link, Third Party Advisory, VDB Entry
http://www.securityfocus.com/archive/1/512019/100/0/threadedBroken Link, Third Party Advisory, VDB Entry
http://www.securityfocus.com/bid/36038Broken Link, Exploit, Third Party Advisory, VDB Entry
http://www.vmware.com/security/advisories/VMSA-2009-0016.htmlThird Party Advisory
http://www.vupen.com/english/advisories/2009/2272Broken Link, Patch, Vendor Advisory
http://www.vupen.com/english/advisories/2009/3316Broken Link, Vendor Advisory
http://zenthought.org/content/file/android-root-2009-08-16-sourceBroken Link
https://bugzilla.redhat.com/show_bug.cgi?id=516949Issue Tracking, Patch
https://issues.rpath.com/browse/RPL-3103Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11526Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11591Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8657Broken Link

Timeline

Published: Aug 14, 2009
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2009-2692?

How severe is CVE-2009-2692?

CVE-2009-2692 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 14.75% probability of exploitation in the next 30 days.

How do I fix CVE-2009-2692?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2009-2692?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST