// For flags

CVE-2009-3288

 

Severity Score

4.9
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

3
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel 2.6.28-rc1 through 2.6.31-rc8 uses an incorrect variable when accessing an array, which allows local users to cause a denial of service (kernel OOPS and NULL pointer dereference), as demonstrated by using xcdroast to duplicate a CD. NOTE: this is only exploitable by users who can open the cdrom device.

La función sg_build_indirect en drivers/scsi/sg.c en el kernel de linux v 2.6.28-rc1 a la v2.6.31-rc8 emplea una variable incorrecta cuando accede a una matriz, lo que permite a usuarios locales provocar una denegación de servicio (Kernel OOPS y una deferencia a puntero NULL), como se ha demostrado usando xcdroast para duplicar un CD. NOTA: esto es explotable únicamente por usuarios que pueden abrir la unidad de CD.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2009-09-22 CVE Reserved
  • 2009-09-22 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Kernel
Search vendor "Kernel"
Linux Kernel
Search vendor "Kernel" for product "Linux Kernel"
2.6.28-rc1
Search vendor "Kernel" for product "Linux Kernel" and version "2.6.28-rc1"
-
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
2.6.31-rc2
Search vendor "Linux" for product "Linux Kernel" and version "2.6.31-rc2"
-
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
2.6.31-rc3
Search vendor "Linux" for product "Linux Kernel" and version "2.6.31-rc3"
-
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
2.6.31-rc4
Search vendor "Linux" for product "Linux Kernel" and version "2.6.31-rc4"
-
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
2.6.31-rc5
Search vendor "Linux" for product "Linux Kernel" and version "2.6.31-rc5"
-
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
2.6.31-rc6
Search vendor "Linux" for product "Linux Kernel" and version "2.6.31-rc6"
-
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
2.6.31-rc7
Search vendor "Linux" for product "Linux Kernel" and version "2.6.31-rc7"
-
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
2.6.31-rc8
Search vendor "Linux" for product "Linux Kernel" and version "2.6.31-rc8"
-
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
2.6.31-rc9
Search vendor "Linux" for product "Linux Kernel" and version "2.6.31-rc9"
-
Affected
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
2.6.31-rc10
Search vendor "Linux" for product "Linux Kernel" and version "2.6.31-rc10"
-
Affected