CVE-2009-3288

The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel 2.6.28-rc1 through 2.6.31-rc8 uses an incorrect variable when accessing an array, which allows local users to cause a denial of service (kernel OOPS and NULL pointer dereference), as demonstrated by using xcdroast to duplicate a CD.  NOTE: this is only exploitable by users who can open the cdrom device.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.9 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:N/I:N/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 23%
VendorProductVersion
kernellinux_kernel
2.6.28-rc1
linuxlinux_kernel
2.6.31-rc2
linuxlinux_kernel
2.6.31-rc3
linuxlinux_kernel
2.6.31-rc4
linuxlinux_kernel
2.6.31-rc5
linuxlinux_kernel
2.6.31-rc6
linuxlinux_kernel
2.6.31-rc7
linuxlinux_kernel
2.6.31-rc8
linuxlinux_kernel
2.6.31-rc9
linuxlinux_kernel
2.6.31-rc10
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
linux
jaunty
Fixed 2.6.28-16.55
released
intrepid
not-affected
hardy
not-affected
dapper
dne
linux-source-2.6.15
jaunty
dne
intrepid
dne
hardy
dne
dapper
not-affected
Common Weakness Enumeration
References
http://lkml.org/lkml/2009/9/3/1
http://lkml.org/lkml/2009/9/3/107
http://secunia.com/advisories/37105
http://www.openwall.com/lists/oss-security/2009/09/03/4
http://www.ubuntu.com/usn/USN-852-1
http://lkml.org/lkml/2009/9/3/1
http://lkml.org/lkml/2009/9/3/107
http://secunia.com/advisories/37105
http://www.openwall.com/lists/oss-security/2009/09/03/4
http://www.ubuntu.com/usn/USN-852-1