CVE-2009-1897

NameCVE-2009-1897
DescriptionThe tun_chr_poll function in drivers/net/tun.c in the tun subsystem in the Linux kernel 2.6.30 and 2.6.30.1, when the -fno-delete-null-pointer-checks gcc option is omitted, allows local users to gain privileges via vectors involving a NULL pointer dereference and an mmap of /dev/net/tun, a different vulnerability than CVE-2009-1894.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs537409

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linux-2.6sourceetch(not affected)
linux-2.6sourcelenny(not affected)
linux-2.6source(unstable)2.6.30-3high537409
linux-2.6.24source(unstable)(not affected)

Notes

[etch] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
[lenny] - linux-2.6 <not-affected> (vulnerable code introduced in 2.6.29)
- linux-2.6.24 <not-affected> (vulnerable code introduced in 2.6.29)
http://seclists.org/fulldisclosure/2009/Jul/0241.html

Search for package or bug name: Reporting problems