CVE-2009-3725

Publication date 6 November 2009

Last updated 24 July 2024

Ubuntu priority

The connector layer in the Linux kernel before 2.6.31.5 does not require the CAP_SYS_ADMIN capability for certain interaction with the (1) uvesafb, (2) pohmelfs, (3) dst, or (4) dm subsystem, which allows local users to bypass intended access restrictions and gain privileges via calls to functions in these subsystems.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
linux	9.10 karmic	Fixed 2.6.31-16.52
	9.04 jaunty	Fixed 2.6.28-17.58
	8.10 intrepid	Fixed 2.6.27-16.44
	8.04 LTS hardy	Fixed 2.6.24-26.64
	6.06 LTS dapper	Not in release
linux-source-2.6.15	9.10 karmic	Not in release
	9.04 jaunty	Not in release
	8.10 intrepid	Not in release
	8.04 LTS hardy	Not in release
	6.06 LTS dapper	Not affected

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-864-1
Linux kernel vulnerabilities
5 December 2009

Other references

https://www.cve.org/CVERecord?id=CVE-2009-3725