CVE-2009-1883

Published: 18 September 2009

The z90crypt_unlocked_ioctl function in the z90crypt driver in the Linux kernel 2.6.9 does not perform a capability check for the Z90QUIESCE operation, which allows local users to leverage euid 0 privileges to force a driver outage.

Priority

Status

Package	Release	Status
linux Launchpad, Ubuntu, Debian	dapper	Does not exist
	hardy	Not vulnerable
	intrepid	Not vulnerable
	jaunty	Not vulnerable
	upstream	Not vulnerable
linux-source-2.6.15 Launchpad, Ubuntu, Debian	dapper	Released (2.6.15-55.80)
	hardy	Does not exist
	intrepid	Does not exist
	jaunty	Does not exist
	upstream	Needed

References

https://ubuntu.com/security/notices/USN-852-1
https://www.cve.org/CVERecord?id=CVE-2009-1883
NVD
Launchpad
Debian

Bugs

https://bugzilla.redhat.com/show_bug.cgi?id=505983

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›