CVE-2009-2909

Publication date 20 October 2009

Last updated 24 July 2024

Ubuntu priority

Integer signedness error in the ax25_setsockopt function in net/ax25/af_ax25.c in the ax25 subsystem in the Linux kernel before 2.6.31.2 allows local users to cause a denial of service (OOPS) via a crafted optlen value in an SO_BINDTODEVICE operation.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
linux	9.10 karmic	Not affected
	9.04 jaunty	Fixed 2.6.28-17.58
	8.10 intrepid	Fixed 2.6.27-16.44
	8.04 LTS hardy	Fixed 2.6.24-26.64
	6.06 LTS dapper	Not in release
linux-source-2.6.15	9.10 karmic	Not in release
	9.04 jaunty	Not in release
	8.10 intrepid	Not in release
	8.04 LTS hardy	Not in release
	6.06 LTS dapper	Fixed 2.6.15-55.81

Notes

kees

ABI bumper

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
linux	Upstream: http://git.kernel.org/?p=linux/kernel/git/davem/net-2.6.git;a=blobdiff;f=include/net/sock.h;h=1621935aad5bc5b3e69299c136c685dd42dbff92;hp=950409dcec3d5763bf4822c4fb8599e20808c728;hb=b7058842c940ad2c08dd829b21e5c92ebe3b8758;hpb=eb1cf0f8f7a9e5a6d573d5bd72c015686a042db0

CVE-2009-2909

Status

Notes

kees

Patch details

References

Related Ubuntu Security Notices (USN)

Other references