CVE-2009-2844

cfg80211 in net/wireless/scan.c in the Linux kernel 2.6.30-rc1 and other versions before 2.6.31-rc6 allows remote attackers to cause a denial of service (crash) via a sequence of beacon frames in which one frame omits an SSID Information Element (IE) and the subsequent frame contains an SSID IE, which triggers a NULL pointer dereference in the cmp_ies function. NOTE: a potential weakness in the is_mesh function was also addressed, but the relevant condition did not exist in the code, so it is not a vulnerability.

Published: Aug 18, 2009
Updated: Nov 8, 2023
CVE: CVE-2009-2844
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C

CWEs:

CWE-399

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	2.6.11	2.6.11.x
linux / linux_kernel	2.6.16.16	2.6.16.16.x
linux / linux_kernel	2.6.11.2	2.6.11.2.x
linux / linux_kernel	2.6.15.3	2.6.15.3.x
linux / linux_kernel	2.6.11.10	2.6.11.10.x
linux / linux_kernel	2.6.1	2.6.1.x
linux / linux_kernel	2.6.14.7	2.6.14.7.x
linux / linux_kernel	2.6.13	2.6.13.x
linux / linux_kernel	2.6.13.3	2.6.13.3.x
linux / linux_kernel	2.6.11.8	2.6.11.8.x
linux / linux_kernel	2.6.14.4	2.6.14.4.x
linux / linux_kernel	2.6.14	2.6.14.x
linux / linux_kernel	2.6.16.31--rc3	2.6.16.31--rc3.x
linux / linux_kernel	2.6.16.18	2.6.16.18.x
linux / linux_kernel	2.6.10	2.6.10.x
linux / linux_kernel	2.6.14.3	2.6.14.3.x
linux / linux_kernel	2.6.11.6	2.6.11.6.x
linux / linux_kernel	2.6.11.11	2.6.11.11.x
linux / linux_kernel	2.6.16.13	2.6.16.13.x
linux / linux_kernel	2.6.16.15	2.6.16.15.x
linux / linux_kernel	2.6.15.6	2.6.15.6.x
linux / linux_kernel	2.6.15.1	2.6.15.1.x
linux / linux_kernel	2.6.11.5	2.6.11.5.x
linux / linux_kernel	2.6.16.1	2.6.16.1.x
linux / linux_kernel	2.6.14.5	2.6.14.5.x
linux / linux_kernel	2.6.13.2	2.6.13.2.x
linux / linux_kernel	2.6.13.5	2.6.13.5.x
linux / linux_kernel	2.6.16.11	2.6.16.11.x
linux / linux_kernel	2.6.16.14	2.6.16.14.x
linux / linux_kernel	2.6.16.25	2.6.16.25.x
linux / linux_kernel	2.6.16.21	2.6.16.21.x
linux / linux_kernel	2.6.16.28	2.6.16.28.x
linux / linux_kernel	2.6.14.1	2.6.14.1.x
linux / linux_kernel	2.6.16.23	2.6.16.23.x
linux / linux_kernel	2.6.12.5	2.6.12.5.x
linux / linux_kernel	2.6.15.7	2.6.15.7.x
linux / linux_kernel	2.6.16.3	2.6.16.3.x
linux / linux_kernel	2.6.14.6	2.6.14.6.x
linux / linux_kernel	2.6.12.1	2.6.12.1.x
linux / linux_kernel	2.6.11.9	2.6.11.9.x
linux / linux_kernel	2.6.0	2.6.0.x
linux / linux_kernel	2.6.13.4	2.6.13.4.x
linux / linux_kernel	2.6.12.2	2.6.12.2.x
linux / linux_kernel	2.6.16.31	2.6.16.31.x
linux / linux_kernel	2.6.16.26	2.6.16.26.x
linux / linux_kernel	2.6.16.29	2.6.16.29.x
linux / linux_kernel	2.6.16	2.6.16.x
linux / linux_kernel	2.6.15.2	2.6.15.2.x
linux / linux_kernel	2.6.16.22	2.6.16.22.x
linux / linux_kernel	2.6.16.10	2.6.16.10.x
linux / linux_kernel	2.6.12.4	2.6.12.4.x
linux / linux_kernel	2.6.11.3	2.6.11.3.x
linux / linux_kernel	2.6.16.24	2.6.16.24.x
linux / linux_kernel	2.6.16.31--rc2	2.6.16.31--rc2.x
linux / kernel	2.6.24.7	2.6.24.7.x
linux / linux_kernel	2.6.12.3	2.6.12.3.x
linux / linux_kernel	2.6.16.30	2.6.16.30.x
linux / linux_kernel	2.6.15.4	2.6.15.4.x
linux / linux_kernel	2.6.16.17	2.6.16.17.x
linux / linux_kernel	2.6.16.12	2.6.16.12.x
linux / linux_kernel	2.6.16.31--rc1	2.6.16.31--rc1.x
linux / linux_kernel	2.6.16.27	2.6.16.27.x
linux / linux_kernel	2.6.12.6	2.6.12.6.x
linux / linux_kernel	-	2.6.16.31.x
linux / linux_kernel	2.6.11.7	2.6.11.7.x
linux / linux_kernel	2.6.16.2	2.6.16.2.x
linux / linux_kernel	2.6.15	2.6.15.x
linux / kernel	2.6.25.15	2.6.25.15.x
linux / linux_kernel	2.6.14.2	2.6.14.2.x
linux / linux_kernel	2.6.11.4	2.6.11.4.x
linux / linux_kernel	2.6.16.19	2.6.16.19.x
linux / linux_kernel	2.6.11.12	2.6.11.12.x
linux / linux_kernel	2.6.16.20	2.6.16.20.x
linux / linux_kernel	2.6.15.5	2.6.15.5.x
linux / linux_kernel	2.6.11.1	2.6.11.1.x
linux / linux_kernel	2.6.16.31--rc4	2.6.16.31--rc4.x
linux / linux_kernel	2.6.13.1	2.6.13.1.x
linux / linux_kernel	2.6	2.6.x
linux / linux_kernel	2.6.12	2.6.12.x

Vulnerability Database

289,599

CVE-2009-2844