CVE-2009-3556

Name: CVE-2009-3556
Creator: NVD / NIST
Published: 2010-01-27T17:30:00.543+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 0.38%

Last modified Jun 16, 2026

CVE-2009-3556 is a vulnerability of currently unknown severity. A certain Red Hat configuration step for the qla2xxx driver in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when N_Port ID Virtualization (NPIV) hardware is used, sets world-writable permissions for the (1) vport_create and (2) vport_delete files under /sys/class/scsi_host/, which allows local users to make arbitrary changes to SCSI host attributes by modifying these files.. EPSS estimates a 0.38% chance of exploitation in the next 30 days.

Description

A certain Red Hat configuration step for the qla2xxx driver in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when N_Port ID Virtualization (NPIV) hardware is used, sets world-writable permissions for the (1) vport_create and (2) vport_delete files under /sys/class/scsi_host/, which allows local users to make arbitrary changes to SCSI host attributes by modifying these files.

Metrics

EPSS Probability

0.38%

30.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-264

Affected Software

Vendor	Product	Versions
Linux	Linux Kernel	2.6.18
Redhat	Enterprise Linux	5

References

Timeline

Published: Jan 27, 2010
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2009-3556?

How severe is CVE-2009-3556?

Severity scoring for CVE-2009-3556 is pending analysis. The EPSS model estimates a 0.38% probability of exploitation in the next 30 days.

How do I fix CVE-2009-3556?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2009-3556?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST