CVE-2009-3288

The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel 2.6.28-rc1 through 2.6.31-rc8 uses an incorrect variable when accessing an array, which allows local users to cause a denial of service (kernel OOPS and NULL pointer dereference), as demonstrated by using xcdroast to duplicate a CD. NOTE: this is only exploitable by users who can open the cdrom device.

Published: Sep 22, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-3288
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.9
AV:L/AC:L/Au:N/C:N/I:N/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
linux / linux_kernel	2.6.31-rc6	2.6.31-rc6.x
linux / linux_kernel	2.6.31-rc10	2.6.31-rc10.x
linux / linux_kernel	2.6.31-rc4	2.6.31-rc4.x
linux / linux_kernel	2.6.31-rc5	2.6.31-rc5.x
linux / linux_kernel	2.6.31-rc3	2.6.31-rc3.x
linux / linux_kernel	2.6.31-rc8	2.6.31-rc8.x
linux / linux_kernel	2.6.31-rc2	2.6.31-rc2.x
kernel / linux_kernel	2.6.28-rc1	2.6.28-rc1.x
linux / linux_kernel	2.6.31-rc9	2.6.31-rc9.x
linux / linux_kernel	2.6.31-rc7	2.6.31-rc7.x

Vulnerability Database

289,598

CVE-2009-3288