CVE-2009-2847

Published: 18 August 2009

The do_sigaltstack function in kernel/signal.c in Linux kernel 2.4 through 2.4.37 and 2.6 before 2.6.31-rc5, when running on 64-bit systems, does not clear certain padding bytes from a structure, which allows local users to obtain sensitive information from the kernel stack via the sigaltstack function.

Priority

Status

Package	Release	Status
linux Launchpad, Ubuntu, Debian	dapper	Does not exist
	hardy	Released (2.6.24-25.63)
	intrepid	Released (2.6.27-15.43)
	jaunty	Released (2.6.28-16.55)
	upstream	Released (2.6.31)
linux-source-2.6.15 Launchpad, Ubuntu, Debian	dapper	Released (2.6.15-55.80)
	hardy	Does not exist
	intrepid	Does not exist
	jaunty	Does not exist
	upstream	Needs triage

References

https://ubuntu.com/security/notices/USN-852-1
https://www.cve.org/CVERecord?id=CVE-2009-2847
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.