CVE-2009-2848

MEDIUM Year: 2009
CVSS v2 Score
5.9
Medium
Weakness Type
CWE-269
View all →

Vulnerability Description

The execve function in the Linux kernel, possibly 2.6.30-rc6 and earlier, does not properly clear the current->clear_child_tid pointer, which allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a clone system call with CLONE_CHILD_SETTID or CLONE_CHILD_CLEARTID enabled, which is not properly handled during thread creation and exit.

Related Vulnerabilities

CVE-2018-4310

CRITICAL
CVSS:10.0(Critical)

An access issue was addressed with additional sandbox restrictions. This issue affected versions prior to iOS 12, macOS Mojave 10.14.

CWE-2692018

CVE-2020-27655

CRITICAL
CVSS:10.0(Critical)

Improper access control vulnerability in Synology Router Manager (SRM) before 1.2.4-8081 allows remote attackers to access restricted resources via inbound QuickConnect traffic.

CWE-2692020

CVE-2021-1388

CRITICAL
CVSS:10.0(Critical)

A vulnerability in an API endpoint of Cisco ACI Multi-Site Orchestrator (MSO) installed on the Application Services Engine could allow an unauthenticated, remote attacker to bypass authentication on a...

CWE-2692021

CVE-2022-24783

CRITICAL
CVSS:10.0(Critical)

Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.20.2 (inclusive) are vulnerable to an attack where a malicious actor controlling the code executed in...

CWE-2692022

CVE-2024-6240

CRITICAL
CVSS:10.0(Critical)

Improper privilege management vulnerability in Parallels Desktop Software, which affects versions earlier than 19.3.0. An attacker could add malicious code in a script and populate the BASH_ENV enviro...

CWE-2692024

CVE-2025-0505

CRITICAL
CVSS:10.0(Critical)

On Arista CloudVision systems (virtual or physical on-premise deployments), Zero Touch Provisioning can be used to gain admin privileges on the CloudVision system, with more permissions than necessary...

CWE-2692025