CVE-2009-2768

The load_flat_shared_library function in fs/binfmt_flat.c in the flat subsystem in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact by executing a shared flat binary, which triggers an access of an "uninitialized cred pointer."

Published: Aug 14, 2009
Updated: Nov 9, 2025
CVE: CVE-2009-2768
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.8
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-476
CWE-824

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	2.6.31-rc4	2.6.31-rc4.x
linux / linux_kernel	2.6.31-rc1	2.6.31-rc1.x
linux / linux_kernel	2.6.31-rc5	2.6.31-rc5.x
linux / linux_kernel	2.6.31-rc3	2.6.31-rc3.x
linux / linux_kernel	2.6.31-rc2	2.6.31-rc2.x
linux / linux_kernel	-	2.6.31

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3440625d78711bee41a84cf29c3d8c579b522666
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=3440625d78711bee41a84cf29c3d8c579b522666
http://lkml.org/lkml/2009/6/22/91
http://secunia.com/advisories/36278
http://thread.gmane.org/gmane.linux.hardware.blackfin.kernel.devel/1905
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.30.5
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.31-rc6
http://www.mandriva.com/security/advisories?name=MDVSA-2011:051
http://www.openwall.com/lists/oss-security/2009/08/13/1
http://www.securityfocus.com/bid/36037
https://exchange.xforce.ibmcloud.com/vulnerabilities/52909

Vulnerability Database

314,496

CVE-2009-2768

Deep Security Visibility Without the Complexity