Vulnerability Description
The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel 2.6.28-rc1 through 2.6.31-rc8 uses an incorrect variable when accessing an array, which allows local users to cause a denial of service (kernel OOPS and NULL pointer dereference), as demonstrated by using xcdroast to duplicate a CD. NOTE: this is only exploitable by users who can open the cdrom device.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Kernel | Linux Kernel | 2.6.28-rc1 |
| Linux | Linux Kernel | 2.6.31-rc2 |
Related Weaknesses (CWE)
References
- http://lkml.org/lkml/2009/9/3/1 (Exploit)
- http://lkml.org/lkml/2009/9/3/107 (Exploit)
- http://secunia.com/advisories/37105
- http://www.openwall.com/lists/oss-security/2009/09/03/4 (Exploit)
- http://www.ubuntu.com/usn/USN-852-1
FAQ
What is CVE-2009-3288?
CVE-2009-3288 is a vulnerability with a CVSS score of 4.9 (MEDIUM). The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel 2.6.28-rc1 through 2.6.31-rc8 uses an incorrect variable when accessing an array, which allows local users to cause a denial of serv...
How severe is CVE-2009-3288?
CVE-2009-3288 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2009-3288?
Check the references section above for vendor advisories and patch information. Affected products include: Kernel Linux Kernel, Linux Linux Kernel.