CVE-2009-0029

Publication date 15 January 2009

Last updated 24 July 2024

Ubuntu priority

The ABI in the Linux kernel 2.6.28 and earlier on s390, powerpc, sparc64, and mips 64-bit platforms requires that a 32-bit argument in a 64-bit register was properly sign extended when sent from a user-mode application, but cannot verify this, which allows local users to cause a denial of service (crash) or possibly gain privileges via a crafted system call.

From the Ubuntu Security Team

The 64-bit syscall interfaces did not correctly handle sign extension. A local attacker could make malicious syscalls, possibly gaining root privileges. The x86_64 architecture was not affected.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
linux	8.10 intrepid	Ignored
	8.04 LTS hardy	Ignored
	7.10 gutsy	Not in release
	6.06 LTS dapper	Not in release
linux-source-2.6.15	8.10 intrepid	Not in release
	8.04 LTS hardy	Not in release
	7.10 gutsy	Not in release
	6.06 LTS dapper	Fixed 2.6.15-54.76
linux-source-2.6.22	8.10 intrepid	Not in release
	8.04 LTS hardy	Not in release
	7.10 gutsy	Ignored
	6.06 LTS dapper	Not in release

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
linux	Introduced by 1da177e, fixed by bca2685

References

Related Ubuntu Security Notices (USN)