Public Date:
495051: CVE-2009-1185 udev: Uncheck origin of NETLINK messages

The MITRE CVE dictionary describes this issue as:

udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.

Find out more about CVE-2009-1185 from the MITRE CVE dictionary and NIST NVD.


This issue has been fixed in Red Hat Enterprise Linux 5 via . udev packages as shipped in Red Hat Enterprise Linux 4 were not affected by this flaw, as they do not use netlink sockets for communication. udev is not shipped in Red Hat Enterprise Linux 2.1 and 3.
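
The kind of origin check the CVE description says was missing, as an added example; it is not udev's code or the Red Hat patch. The names netlink_msg_from_kernel, check_sample and struct sender_cred are hypothetical, and the receiving socket is assumed to have SO_PASSCRED enabled so that sender credentials arrive as ancillary data.

```c
#include <string.h>
#include <sys/socket.h>
#include <linux/netlink.h>

#ifndef SCM_CREDENTIALS /* glibc exposes it only under _GNU_SOURCE */
#define SCM_CREDENTIALS 0x02
#endif
/* Same layout as glibc's struct ucred (also hidden without _GNU_SOURCE). */
struct sender_cred { pid_t pid; uid_t uid; gid_t gid; };

/* Hypothetical helper: 1 only if a message received with recvmsg() on an
 * AF_NETLINK socket (SO_PASSCRED set) was sent by the kernel, else 0. */
int netlink_msg_from_kernel(struct msghdr *msg)
{
    const struct sockaddr_nl *snl = msg->msg_name;
    struct sender_cred cred;
    int trusted = 0;

    /* Need a complete netlink sender address. */
    if (!snl || msg->msg_namelen < sizeof(*snl) || snl->nl_family != AF_NETLINK)
        return 0;
    if (snl->nl_pid != 0)            /* kernel port id is 0; user-space senders are not */
        return 0;
    if (msg->msg_flags & MSG_CTRUNC) /* ancillary data was cut off */
        return 0;
    for (struct cmsghdr *c = CMSG_FIRSTHDR(msg); c; c = CMSG_NXTHDR(msg, c)) {
        if (c->cmsg_level == SOL_SOCKET && c->cmsg_type == SCM_CREDENTIALS &&
            c->cmsg_len == CMSG_LEN(sizeof(cred))) {
            memcpy(&cred, CMSG_DATA(c), sizeof(cred));
            trusted = (cred.uid == 0);
        }
    }
    return trusted; /* stays 0 when no credentials were attached */
}

/* Constructed sample: sender port id and uid as recvmsg() would report them. */
int check_sample(unsigned int nl_pid, uid_t uid)
{
    union { char buf[CMSG_SPACE(sizeof(struct sender_cred))]; struct cmsghdr a; } ctl = {{0}};
    struct sockaddr_nl snl = { .nl_family = AF_NETLINK, .nl_pid = nl_pid };
    struct sender_cred cred = { .pid = 0, .uid = uid, .gid = 0 };
    struct msghdr msg = { .msg_name = &snl, .msg_namelen = sizeof(snl),
                          .msg_control = ctl.buf, .msg_controllen = sizeof(ctl.buf) };
    struct cmsghdr *c = CMSG_FIRSTHDR(&msg);
    c->cmsg_level = SOL_SOCKET; c->cmsg_type = SCM_CREDENTIALS;
    c->cmsg_len = CMSG_LEN(sizeof(cred));
    memcpy(CMSG_DATA(c), &cred, sizeof(cred));
    return netlink_msg_from_kernel(&msg);
}
int main(void) { return check_sample(0, 0) == 1 && check_sample(4242, 1000) == 0 ? 0 : 1; }
```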

CVSS v2 metrics

Base Score 7.2
Base Metrics AV:L/AC:L/Au:N/C:C/I:C/A:C
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact Complete
Integrity Impact Complete
Availability Impact Complete

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 5 (udev) RHSA-2009:0427 2009-04-16


Red Hat would like to thank Sebastian Krahmer of the SUSE Security Team for responsibly reporting this flaw.

Last Modified

CVE description copyright © 2017, The MITRE Corporation

