CVE-2009-2793

The kernel in NetBSD, probably 5.0.1 and earlier, on x86 platforms does not properly handle a pre-commit failure of the iret instruction, which might allow local users to gain privileges via vectors related to a tempEIP pseudocode variable that is outside of the code-segment limits.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.6 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 23%
VendorProductVersion
netbsdnetbsd
𝑥
≤ 5.0.1
netbsdnetbsd
0.8
netbsdnetbsd
0.9
netbsdnetbsd
1.0
netbsdnetbsd
1.1
netbsdnetbsd
1.2
netbsdnetbsd
1.2.1
netbsdnetbsd
1.3
netbsdnetbsd
1.3.1
netbsdnetbsd
1.3.2
netbsdnetbsd
1.3.3
netbsdnetbsd
1.5
netbsdnetbsd
1.5.1
netbsdnetbsd
1.5.2
netbsdnetbsd
1.5.3
netbsdnetbsd
1.6
netbsdnetbsd
1.6.1
netbsdnetbsd
1.6.2
netbsdnetbsd
2.0
netbsdnetbsd
2.0.1
netbsdnetbsd
2.0.2
netbsdnetbsd
2.0.3
netbsdnetbsd
2.1
netbsdnetbsd
3.0
netbsdnetbsd
3.0.1
netbsdnetbsd
3.0.2
netbsdnetbsd
3.1
netbsdnetbsd
4.0
netbsdnetbsd
4.0.1
netbsdnetbsd
5.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/archive/1/506531/100/0/threaded
http://www.securityfocus.com/archive/1/506531/100/0/threaded