Local Privilege Escalation in NetBSD on x86 Platforms
CVE-2009-2793

Currently unrated

Key Information:

Vendor: Netbsd
Status: Netbsd
Vendor: CVE Published:; 18 September 2009

What is CVE-2009-2793?

The kernel in NetBSD, particularly on x86 platforms, fails to handle pre-commit failures of the iret instruction appropriately. This oversight can enable local users to exploit the tempEIP pseudocode variable, potentially allowing them to gain unauthorized privileges beyond the intended code-segment limits. As a result, affected versions of NetBSD are vulnerable to local privilege escalation attacks, which can compromise system integrity and expose sensitive information.

References

http://www.securityfocus.com/archive/1/506531/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 18, 2009
Vulnerability Reserved
Aug 17, 2009

CVE-2009-2793 Data

JSON

Netbsd

What is CVE-2009-2793?

References

Timeline