CVE-2009-3288
CVE-2009-3288 is a vulnerability of currently unknown severity. The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel 2.6.28-rc1 through 2.6.31-rc8 uses an incorrect variable when accessing an array, which allows local users to cause a denial of service (kernel OOPS and NULL pointer dereference), as demonstrated by using xcdroast to duplicate a CD. NOTE: this is only exploitable by users who can open the cdrom device. EPSS estimates a 0.44% chance of exploitation in the next 30 days.
Description
The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel 2.6.28-rc1 through 2.6.31-rc8 uses an incorrect variable when accessing an array, which allows local users to cause a denial of service (kernel OOPS and NULL pointer dereference), as demonstrated by using xcdroast to duplicate a CD. NOTE: this is only exploitable by users who can open the cdrom device.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Kernel | Linux Kernel | 2.6.28-rc1 |
| Linux | Linux Kernel | 2.6.31-rc2 |
| Linux | Linux Kernel | 2.6.31-rc3 |
| Linux | Linux Kernel | 2.6.31-rc4 |
| Linux | Linux Kernel | 2.6.31-rc5 |
| Linux | Linux Kernel | 2.6.31-rc6 |
| Linux | Linux Kernel | 2.6.31-rc7 |
| Linux | Linux Kernel | 2.6.31-rc8 |
| Linux | Linux Kernel | 2.6.31-rc9 |
| Linux | Linux Kernel | 2.6.31-rc10 |
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
