CVE-2009-0834

Publication date 6 March 2009

Last updated 24 July 2024

The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass certain syscall audit configurations via crafted syscalls, a related issue to CVE-2009-0342 and CVE-2009-0343.

From the Ubuntu Security Team

The syscall interface did not correctly validate parameters when crossing the 64-bit/32-bit boundary. A local attacker could bypass certain syscall restricts via crafted syscalls.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
linux	8.10 intrepid	Fixed 2.6.27-11.31
	8.04 LTS hardy	Fixed 2.6.24-23.52
	7.10 gutsy	Not in release
	6.06 LTS dapper	Not in release
linux-source-2.6.15	8.10 intrepid	Not in release
	8.04 LTS hardy	Not in release
	7.10 gutsy	Not in release
	6.06 LTS dapper	Fixed 2.6.15-54.76
linux-source-2.6.22	8.10 intrepid	Not in release
	8.04 LTS hardy	Not in release
	7.10 gutsy	Fixed 2.6.22-16.62
	6.06 LTS dapper	Not in release

References

Related Ubuntu Security Notices (USN)

USN-752-1
Linux kernel vulnerabilities
7 April 2009

USN-751-1
Linux kernel vulnerabilities
6 April 2009

Other references

https://www.cve.org/CVERecord?id=CVE-2009-0834