CVE DATABASE / CVE-2009-2698

CVE-2009-2698

CVSS 7.8 · HIGH

Summary

The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vectors involving the MSG_MORE flag and a UDP socket.

CVSS 3.1 breakdown

Base score	7.8 (HIGH)
Vector	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack vector	LOCAL
Attack complexity	LOW
Privileges required	LOW
User interaction	NONE
Scope	UNCHANGED
Confidentiality	HIGH
Integrity	HIGH
Availability	HIGH

Weakness type (CWE)

CWE-476

Affected products

Linux linux kernelCanonical ubuntu linuxSuse linux enterprise desktopSuse linux enterprise serverFedoraproject fedoraRedhat enterprise linux desktopRedhat enterprise linux eusRedhat enterprise linux serverRedhat enterprise linux server ausRedhat enterprise linux workstationVmware vcenter serverVmware esxi

Check this CVE live

Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.

References

Data: NIST NVD. NVD last modified 2026-04-23. Always verify against the vendor advisory before acting.