CVE-2009-2844: Null Pointer Dereference
First published: Tue Aug 18 2009(Updated: )
cfg80211 in net/wireless/scan.c in the Linux kernel 2.6.30-rc1 and other versions before 2.6.31-rc6 allows remote attackers to cause a denial of service (crash) via a sequence of beacon frames in which one frame omits an SSID Information Element (IE) and the subsequent frame contains an SSID IE, which triggers a NULL pointer dereference in the cmp_ies function. NOTE: a potential weakness in the is_mesh function was also addressed, but the relevant condition did not exist in the code, so it is not a vulnerability.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Kernel-devel | =2.6.24.7 | |
| Red Hat Kernel-devel | =2.6.25.15 | |
| Linux kernel | <=2.6.16.31 | |
| Linux kernel | =2.6 | |
| Linux kernel | =2.6.0 | |
| Linux kernel | =2.6.1 | |
| Linux kernel | =2.6.10 | |
| Linux kernel | =2.6.11 | |
| Linux kernel | =2.6.11.1 | |
| Linux kernel | =2.6.11.2 | |
| Linux kernel | =2.6.11.3 | |
| Linux kernel | =2.6.11.4 | |
| Linux kernel | =2.6.11.5 | |
| Linux kernel | =2.6.11.6 | |
| Linux kernel | =2.6.11.7 | |
| Linux kernel | =2.6.11.8 | |
| Linux kernel | =2.6.11.9 | |
| Linux kernel | =2.6.11.10 | |
| Linux kernel | =2.6.11.11 | |
| Linux kernel | =2.6.11.12 | |
| Linux kernel | =2.6.12 | |
| Linux kernel | =2.6.12.1 | |
| Linux kernel | =2.6.12.2 | |
| Linux kernel | =2.6.12.3 | |
| Linux kernel | =2.6.12.4 | |
| Linux kernel | =2.6.12.5 | |
| Linux kernel | =2.6.12.6 | |
| Linux kernel | =2.6.13 | |
| Linux kernel | =2.6.13.1 | |
| Linux kernel | =2.6.13.2 | |
| Linux kernel | =2.6.13.3 | |
| Linux kernel | =2.6.13.4 | |
| Linux kernel | =2.6.13.5 | |
| Linux kernel | =2.6.14 | |
| Linux kernel | =2.6.14.1 | |
| Linux kernel | =2.6.14.2 | |
| Linux kernel | =2.6.14.3 | |
| Linux kernel | =2.6.14.4 | |
| Linux kernel | =2.6.14.5 | |
| Linux kernel | =2.6.14.6 | |
| Linux kernel | =2.6.14.7 | |
| Linux kernel | =2.6.15 | |
| Linux kernel | =2.6.15.1 | |
| Linux kernel | =2.6.15.2 | |
| Linux kernel | =2.6.15.3 | |
| Linux kernel | =2.6.15.4 | |
| Linux kernel | =2.6.15.5 | |
| Linux kernel | =2.6.15.6 | |
| Linux kernel | =2.6.15.7 | |
| Linux kernel | =2.6.16 | |
| Linux kernel | =2.6.16.1 | |
| Linux kernel | =2.6.16.2 | |
| Linux kernel | =2.6.16.3 | |
| Linux kernel | =2.6.16.10 | |
| Linux kernel | =2.6.16.11 | |
| Linux kernel | =2.6.16.12 | |
| Linux kernel | =2.6.16.13 | |
| Linux kernel | =2.6.16.14 | |
| Linux kernel | =2.6.16.15 | |
| Linux kernel | =2.6.16.16 | |
| Linux kernel | =2.6.16.17 | |
| Linux kernel | =2.6.16.18 | |
| Linux kernel | =2.6.16.19 | |
| Linux kernel | =2.6.16.20 | |
| Linux kernel | =2.6.16.21 | |
| Linux kernel | =2.6.16.22 | |
| Linux kernel | =2.6.16.23 | |
| Linux kernel | =2.6.16.24 | |
| Linux kernel | =2.6.16.25 | |
| Linux kernel | =2.6.16.26 | |
| Linux kernel | =2.6.16.27 | |
| Linux kernel | =2.6.16.28 | |
| Linux kernel | =2.6.16.29 | |
| Linux kernel | =2.6.16.30 | |
| Linux kernel | =2.6.16.31 | |
| Linux kernel | =2.6.16.31--rc1 | |
| Linux kernel | =2.6.16.31--rc2 | |
| Linux kernel | =2.6.16.31--rc3 | |
| Linux kernel | =2.6.16.31--rc4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://jon.oberheide.org/files/cfg80211-remote-dos.c
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=cd3468bad96c00b5a512f551674f36776129520e
- http://www.openwall.com/lists/oss-security/2009/08/17/2
- http://www.openwall.com/lists/oss-security/2009/08/17/1
- http://secunia.com/advisories/36278
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5
- http://www.securityfocus.com/bid/36052
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=cd3468bad96c00b5a512f551674f36776129520e
Frequently Asked Questions
What is the severity of CVE-2009-2844?
CVE-2009-2844 has a severity rating that indicates it can cause a denial of service (DoS) leading to system crashes.
How do I fix CVE-2009-2844?
To address CVE-2009-2844, you should upgrade to Linux kernel versions 2.6.31-rc6 or later.
What systems are affected by CVE-2009-2844?
CVE-2009-2844 affects various versions of the Linux kernel prior to 2.6.31-rc6.
What type of vulnerability is CVE-2009-2844?
CVE-2009-2844 is classified as a denial of service vulnerability.
Can CVE-2009-2844 be exploited remotely?
Yes, CVE-2009-2844 can be exploited by remote attackers through crafted beacon frames.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/remedy
- agent/last-modified-date
- agent/description
- agent/event
- agent/first-publish-date
- agent/source
- agent/tags
- agent/author
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-historical
- collector/nvd-index
- agent/softwarecombine
- vendor/linux
- canonical/red hat kernel-devel
- version/red hat kernel-devel/2.6.24.7
- version/red hat kernel-devel/2.6.25.15
- canonical/linux kernel
- version/linux kernel/2.6.16.31
- version/linux kernel/2.6
- version/linux kernel/2.6.0
- version/linux kernel/2.6.1
- version/linux kernel/2.6.10
- version/linux kernel/2.6.11
- version/linux kernel/2.6.11.1
- version/linux kernel/2.6.11.2
- version/linux kernel/2.6.11.3
- version/linux kernel/2.6.11.4
- version/linux kernel/2.6.11.5
- version/linux kernel/2.6.11.6
- version/linux kernel/2.6.11.7
- version/linux kernel/2.6.11.8
- version/linux kernel/2.6.11.9
- version/linux kernel/2.6.11.10
- version/linux kernel/2.6.11.11
- version/linux kernel/2.6.11.12
- version/linux kernel/2.6.12
- version/linux kernel/2.6.12.1
- version/linux kernel/2.6.12.2
- version/linux kernel/2.6.12.3
- version/linux kernel/2.6.12.4
- version/linux kernel/2.6.12.5
- version/linux kernel/2.6.12.6
- version/linux kernel/2.6.13
- version/linux kernel/2.6.13.1
- version/linux kernel/2.6.13.2
- version/linux kernel/2.6.13.3
- version/linux kernel/2.6.13.4
- version/linux kernel/2.6.13.5
- version/linux kernel/2.6.14
- version/linux kernel/2.6.14.1
- version/linux kernel/2.6.14.2
- version/linux kernel/2.6.14.3
- version/linux kernel/2.6.14.4
- version/linux kernel/2.6.14.5
- version/linux kernel/2.6.14.6
- version/linux kernel/2.6.14.7
- version/linux kernel/2.6.15
- version/linux kernel/2.6.15.1
- version/linux kernel/2.6.15.2
- version/linux kernel/2.6.15.3
- version/linux kernel/2.6.15.4
- version/linux kernel/2.6.15.5
- version/linux kernel/2.6.15.6
- version/linux kernel/2.6.15.7
- version/linux kernel/2.6.16
- version/linux kernel/2.6.16.1
- version/linux kernel/2.6.16.2
- version/linux kernel/2.6.16.3
- version/linux kernel/2.6.16.10
- version/linux kernel/2.6.16.11
- version/linux kernel/2.6.16.12
- version/linux kernel/2.6.16.13
- version/linux kernel/2.6.16.14
- version/linux kernel/2.6.16.15
- version/linux kernel/2.6.16.16
- version/linux kernel/2.6.16.17
- version/linux kernel/2.6.16.18
- version/linux kernel/2.6.16.19
- version/linux kernel/2.6.16.20
- version/linux kernel/2.6.16.21
- version/linux kernel/2.6.16.22
- version/linux kernel/2.6.16.23
- version/linux kernel/2.6.16.24
- version/linux kernel/2.6.16.25
- version/linux kernel/2.6.16.26
- version/linux kernel/2.6.16.27
- version/linux kernel/2.6.16.28
- version/linux kernel/2.6.16.29
- version/linux kernel/2.6.16.30
- version/linux kernel/2.6.16.31--rc1
- version/linux kernel/2.6.16.31--rc2
- version/linux kernel/2.6.16.31--rc3
- version/linux kernel/2.6.16.31--rc4