TITLE:
Linux Kernel "clock_nanosleep()" NULL Pointer Dereference

SECUNIA ADVISORY ID:
SA36200

VERIFY ADVISORY:
http://secunia.com/advisories/36200/

DESCRIPTION:
A vulnerability has been reported in the Linux Kernel, which can be exploited by malicious, local users to cause a DoS (Denial of Service) and potentially gain escalated privileges.

The vulnerability is caused due to an error within the "clock_nanosleep()" function in kernel/posix-timers.c. This can be exploited to trigger a NULL-pointer dereference by calling "clock_nanosleep()" with a clock id equal to CLOCK_MONOTONIC_RAW.

The vulnerability is reported in versions 2.6.28 and later. Other versions may also be affected.

SOLUTION:
Fixed in the GIT repository:
http://git.kernel.org/linus/70d715fd0597f18528f389b5ac59102263067744

PROVIDED AND/OR DISCOVERED BY:
Hiroshi Shimamoto

ORIGINAL ADVISORY:
http://lkml.org/lkml/2009/8/4/28
http://lkml.org/lkml/2009/8/4/40

CVE-2009-2767 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2767): The init_posix_timers function in kernel/posix-timers.c in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (OOPS) or possibly gain privileges via a CLOCK_MONOTONIC_RAW clock_nanosleep call that triggers a NULL pointer dereference.
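
A first-pass triage of the range stated above (2.6.28 and later, before 2.6.31-rc6), as an added example that is not part of the advisory. The function name clock_nanosleep_affected is hypothetical, and the check reads only the upstream version string, so a stable or distribution kernel that carries a backport of the fix still reports as in range.

```shell
#!/bin/sh
# Added example: first-pass triage of a kernel release string against the
# range given in the advisory text (2.6.28 <= release < 2.6.31-rc6).
# Assumption: upstream version numbering only; backported fixes are not detected.

# Returns 0 = inside the reported range, 1 = outside it, 2 = unparseable.
clock_nanosleep_affected() {
    k_rel=$1
    k_base=${k_rel%%-*}                 # "2.6.31" from "2.6.31-rc5-custom"
    case $k_base in
        ''|*[!0-9.]*) return 2 ;;       # reject anything but digits and dots
    esac

    k_ifs=$IFS; IFS=.
    set -- $k_base                      # $1=major $2=minor $3=patch $4=stable
    IFS=$k_ifs
    [ -n "${1:-}" ] && [ -n "${2:-}" ] && [ -n "${3:-}" ] || return 2

    # Only the 2.6 series falls in the reported range.
    [ "$1" -eq 2 ] && [ "$2" -eq 6 ] || return 1
    [ "$3" -lt 28 ] && return 1         # older than the first reported version
    [ "$3" -le 30 ] && return 0         # 2.6.28.x, 2.6.29.x, 2.6.30.x
    [ "$3" -gt 31 ] && return 1
    # 2.6.31: only release candidates rc1..rc5 precede 2.6.31-rc6.
    [ -n "${4:-}" ] && return 1         # 2.6.31.y stable release
    case $k_rel in
        "$k_base"-rc[0-9]*)
            k_rc=${k_rel#"$k_base"-rc}
            k_rc=${k_rc%%[!0-9]*}       # keep the leading digits of the rc number
            [ "$k_rc" -lt 6 ] && return 0 ;;
    esac
    return 1
}

# Report on the running kernel.
status=0
clock_nanosleep_affected "$(uname -r)" || status=$?
case $status in
    0) echo "in reported range: confirm the fix commit is applied" ;;
    1) echo "outside reported range" ;;
    *) echo "unrecognised release string" ;;
esac
```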