CVE-2009-0834

The audit_syscall_entry function in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform does not properly handle (1) a 32-bit process making a 64-bit syscall or (2) a 64-bit process making a 32-bit syscall, which allows local users to bypass certain syscall audit configurations via crafted syscalls, a related issue to CVE-2009-0342 and CVE-2009-0343.

Published: Mar 6, 2009
Updated: Nov 9, 2025
CVE: CVE-2009-0834
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 3.6
AV:L/AC:L/Au:N/C:P/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	-	2.6.28.7.x
debian / debian_linux	5.0	5.0.x
debian / debian_linux	4.0	4.0.x
canonical / ubuntu_linux	7.10	7.10.x
canonical / ubuntu_linux	8.10	8.10.x
canonical / ubuntu_linux	8.04	8.04.x
redhat / enterprise_linux_server	5.0	5.0.x
redhat / enterprise_linux_workstation	5.0	5.0.x
redhat / enterprise_linux_desktop	4.0	4.0.x
redhat / enterprise_linux_desktop	5.0	5.0.x
redhat / enterprise_linux_eus	4.7	4.7.x
redhat / enterprise_linux_server	4.0	4.0.x
redhat / enterprise_linux_workstation	4.0	4.0.x
redhat / enterprise_linux_server_aus	5.3	5.3.x
redhat / enterprise_linux_eus	5.3	5.3.x
opensuse / opensuse	11.0	11.0.x
opensuse / opensuse	10.3	10.3.x
suse / linux_enterprise_server	10-sp2	10-sp2.x
suse / linux_enterprise_desktop	10-sp2	10-sp2.x
suse / linux_enterprise_software_development_kit	10-sp2	10-sp2.x

Vulnerability Database

300,830

CVE-2009-0834

Deep Security Visibility Without the Complexity