CVE-2009-3288

Published Sep 22, 2009

Last updated 13 years ago

CVSS info 4.9

Overview

Description: The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel 2.6.28-rc1 through 2.6.31-rc8 uses an incorrect variable when accessing an array, which allows local users to cause a denial of service (kernel OOPS and NULL pointer dereference), as demonstrated by using xcdroast to duplicate a CD. NOTE: this is only exploitable by users who can open the cdrom device.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.9
Impact score: 6.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:N/I:N/A:C

Weaknesses

nvd@nist.gov: CWE-119

Hype score: Not currently trending

Vendor comments

Red HatNot vulnerable. This issue did not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 or Red Hat Enterprise MRG. This issue was introduced by upstream commit 10db10d1, and only affected kernels version 2.6.28-rc1 and later.

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:kernel:linux_kernel:2.6.28-rc1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB876AB2-97A5-42DE-AC69-C564513FA837"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.31-rc2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C86BC69-06B6-45C7-9821-45D42D44B240"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.31-rc3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EA0353B9-907F-4B89-9104-2F4434159F0F"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.31-rc4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7D1FF505-4135-4005-BD1A-3AC913FEE20A"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.31-rc5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5D31D04B-1E65-4FD6-AEED-3F365C65FCDE"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.31-rc6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "24CFD647-3926-462F-B264-56E136B74F81"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.31-rc7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BE71B9D7-B52E-426A-831D-ADEDC38318E1"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.31-rc8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C6FFA2CD-0EC9-4FBB-93DC-80736622CFCA"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.31-rc9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B64401A9-58F5-4CB6-B0E2-A3A2B92659EE"
          },
          {
            "criteria": "cpe:2.3:o:linux:linux_kernel:2.6.31-rc10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "89137307-D97D-4D8B-9291-21DE1E6C56D3"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Vendor comments

Configurations

References