Vulnerability Name:

CVE-2009-3288 (CCN-53561)

Assigned: 2009-09-03
Published: 2009-09-03
Updated: 2011-09-15
Summary: The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel 2.6.28-rc1 through 2.6.31-rc8 uses an incorrect variable when accessing an array, which allows local users to cause a denial of service (kernel OOPS and NULL pointer dereference), as demonstrated by using xcdroast to duplicate a CD.
Note: this is only exploitable by users who can open the cdrom device.
CVSS v3 Severity: 6.2 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): High
CVSS v2 Severity: 4.9 Medium (CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C)
3.8 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:TF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
4.7 Medium (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C)
3.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C/E:U/RL:TF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): None
Availability (A): Complete
Vulnerability Type: CWE-119
Vulnerability Consequences: Denial of Service
References:
Source: MITRE
Type: CNA
CVE-2009-3288

Source: MLIST
Type: Exploit
[linux-kernel] 20090902 [BUG] 2.6.31-rc8 readcd Oops

Source: CCN
Type: LKML.ORG Web site
[PATCH] sg: fix oops in the error path in sg_build_indirect()

Source: MLIST
Type: Exploit
[linux-kernel] 20090903 [PATCH] sg: fix oops in the error path in sg_build_indirect()

Source: SECUNIA
Type: UNKNOWN
37105

Source: CCN
Type: The Linux Kernel Archives Web site
The Linux Kernel

Source: CCN
Type: oss-security Mailing List, Fri, 04 Sep 2009 00:09:19 +0800
CVE request: kernel: NULL pointer dereference in sg_build_indirect()

Source: MLIST
Type: Exploit
[oss-security] 20090904 CVE request: kernel: NULL pointer dereference in sg_build_indirect()

Source: CCN
Type: OSVDB ID: 58322
Linux Kernel drivers/scsi/sg.c sg_build_indirect Function Local DoS

Source: CCN
Type: BID-36238
Linux Kernel 'drivers/scsi/sg.c' NULL Pointer Dereference Denial of Service Vulnerability

Source: CCN
Type: USN-852-1
Linux kernel vulnerabilities

Source: UBUNTU
Type: UNKNOWN
USN-852-1

Source: XF
Type: UNKNOWN
linux-kernel-sgbuildindirect-dos(53561)

Vulnerable Configuration:
Configuration 1:
  • cpe:/o:linux:linux_kernel:2.6.28:rc1:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.31-rc2:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.31-rc3:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.31-rc4:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.31-rc5:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.31-rc6:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.31-rc7:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.31-rc8:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.31-rc9:*:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.31-rc10:*:*:*:*:*:*:*

Configuration CCN 1:
  • cpe:/o:linux:linux_kernel:2.6.28:rc1:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.31:rc2:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.31:rc3:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.31:rc4:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.31:rc5:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.31:rc6:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.31:rc7:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.31:rc8:*:*:*:*:*:*
  • OR cpe:/o:linux:linux_kernel:2.6.31:rc9:*:*:*:*:*:*
  • AND
  • cpe:/o:canonical:ubuntu:6.06::lts:*:*:*:*:*
  • OR cpe:/o:canonical:ubuntu:8.04::lts:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID: oval:org.mitre.oval:def:13527
    Class: P
    Title: USN-852-1 -- linux, linux-source-2.6.15 vulnerabilities
    Last Modified: 2014-06-30
    kernel linux kernel 2.6.28-rc1
    linux linux kernel 2.6.31-rc2
    linux linux kernel 2.6.31-rc3
    linux linux kernel 2.6.31-rc4
    linux linux kernel 2.6.31-rc5
    linux linux kernel 2.6.31-rc6
    linux linux kernel 2.6.31-rc7
    linux linux kernel 2.6.31-rc8
    linux linux kernel 2.6.31-rc9
    linux linux kernel 2.6.31-rc10
    linux linux kernel 2.6.28 rc1
    linux linux kernel 2.6.31 rc2
    linux linux kernel 2.6.31 rc3
    linux linux kernel 2.6.31 rc4
    linux linux kernel 2.6.31 rc5
    linux linux kernel 2.6.31 rc6
    linux linux kernel 2.6.31 rc7
    linux linux kernel 2.6.31 rc8
    linux linux kernel 2.6.31 rc9
    canonical ubuntu 6.06
    canonical ubuntu 8.04