CVE-2009-3080 — HIGH (7.2) — White Hats Nepal

Q: How severe is CVE-2009-3080?

CVE-2009-3080 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2009-3080?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Opensuse Opensuse, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Debian Debian Linux.

Vulnerability Description

Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.

CVSS Score

7.2

HIGH

AV:L/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	<= 2.6.31.6
Opensuse	Opensuse	11.1
Suse	Linux Enterprise Desktop	10
Suse	Linux Enterprise Server	10
Debian	Debian Linux	4.0
Canonical	Ubuntu Linux	6.06
Vmware	Esx	3.5
Redhat	Virtualization	5.0
Redhat	Enterprise Linux Desktop	5.0
Redhat	Enterprise Linux Eus	5.4
Redhat	Enterprise Linux Server	5.0
Redhat	Enterprise Linux Server Workstation	5.0
Redhat	Fedora	10

Related Weaknesses (CWE)

CWE-129

References

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=
http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.htmlMailing ListThird Party Advisory
http://secunia.com/advisories/37435Broken Link
http://secunia.com/advisories/37720Broken Link
http://secunia.com/advisories/37909Broken Link
http://secunia.com/advisories/38017Broken Link
http://secunia.com/advisories/38276Broken Link
http://support.avaya.com/css/P8/documents/100073666Third Party Advisory
http://www.debian.org/security/2010/dsa-2005Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc8Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2010:030Broken Link

FAQ

What is CVE-2009-3080?

CVE-2009-3080 is a vulnerability with a CVSS score of 7.2 (HIGH). Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negativ...

How severe is CVE-2009-3080?

CVE-2009-3080 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-3080?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Opensuse Opensuse, Suse Linux Enterprise Desktop, Suse Linux Enterprise Server, Debian Debian Linux.