CVE-2009-3288
Published Sep 22, 2009
Last updated 13 years ago
Overview
- Description
- The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel 2.6.28-rc1 through 2.6.31-rc8 uses an incorrect variable when accessing an array, which allows local users to cause a denial of service (kernel OOPS and NULL pointer dereference), as demonstrated by using xcdroast to duplicate a CD. NOTE: this is only exploitable by users who can open the cdrom device.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4.9
- Impact score
- 6.9
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:N/I:N/A:C
Weaknesses
- nvd@nist.gov
- CWE-119
Vendor comments
- Red HatNot vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 or Red Hat Enterprise MRG. This issue was introduced by upstream commit 10db10d1, and only affected kernels version 2.6.28-rc1 and later.
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:kernel:linux_kernel:2.6.28-rc1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EB876AB2-97A5-42DE-AC69-C564513FA837"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.31-rc2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3C86BC69-06B6-45C7-9821-45D42D44B240"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.31-rc3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "EA0353B9-907F-4B89-9104-2F4434159F0F"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.31-rc4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7D1FF505-4135-4005-BD1A-3AC913FEE20A"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.31-rc5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5D31D04B-1E65-4FD6-AEED-3F365C65FCDE"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.31-rc6:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "24CFD647-3926-462F-B264-56E136B74F81"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.31-rc7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "BE71B9D7-B52E-426A-831D-ADEDC38318E1"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.31-rc8:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C6FFA2CD-0EC9-4FBB-93DC-80736622CFCA"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.31-rc9:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B64401A9-58F5-4CB6-B0E2-A3A2B92659EE"
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:2.6.31-rc10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "89137307-D97D-4D8B-9291-21DE1E6C56D3"
}
],
"operator": "OR"
}
]
}
]