CVE-2009-3288
NONE EPSS 35.2%
Published Sep 22, 200916y ago · Modified Jun 16, 20262w ago
Published Sep 22, 2009 16y ago
Last Modified Jun 16, 2026 2w ago
Description
The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel 2.6.28-rc1 through 2.6.31-rc8 uses an incorrect variable when accessing an array, which allows local users to cause a denial of service (kernel OOPS and NULL pointer dereference), as demonstrated by using xcdroast to duplicate a CD. NOTE: this is only exploitable by users who can open the cdrom device.
Threat Intelligence
EPSS Exploit Probability
35.2% percentile
Exploit & Patch Status
Public Exploit Known
No Patch Available
Weaknesses 1
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer Memory Safety
Affected Products 10
| Vendor | Product | Version | Range |
|---|---|---|---|
| kernel | linux_kernel | 2.6.28-rc1 | any |
| linux | linux_kernel | 2.6.31-rc2 | any |
| linux | linux_kernel | 2.6.31-rc3 | any |
| linux | linux_kernel | 2.6.31-rc4 | any |
| linux | linux_kernel | 2.6.31-rc5 | any |
| linux | linux_kernel | 2.6.31-rc6 | any |
| linux | linux_kernel | 2.6.31-rc7 | any |
| linux | linux_kernel | 2.6.31-rc8 | any |
| linux | linux_kernel | 2.6.31-rc9 | any |
| linux | linux_kernel | 2.6.31-rc10 | any |
References 5
- lkml.org http://lkml.org/lkml/2009/9/3/1
- lkml.org http://lkml.org/lkml/2009/9/3/107
- secunia.com http://secunia.com/advisories/37105
- openwall.com http://www.openwall.com/lists/oss-security/2009/09/03/4
- ubuntu.com http://www.ubuntu.com/usn/USN-852-1
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.