7.2
CVE-2009-3080
- EPSS 0.42%
- Veröffentlicht 20.11.2009 17:30:00
- Zuletzt bearbeitet 16.06.2026 23:10:53
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version <= 2.6.31.6
Linux ≫ Linux Kernel Version2.6.32 Update-
Linux ≫ Linux Kernel Version2.6.32 Updaterc1
Linux ≫ Linux Kernel Version2.6.32 Updaterc3
Linux ≫ Linux Kernel Version2.6.32 Updaterc4
Linux ≫ Linux Kernel Version2.6.32 Updaterc5
Suse ≫ Linux Enterprise Desktop Version10 Updatesp2
Suse ≫ Linux Enterprise Desktop Version10 Updatesp3
Suse ≫ Linux Enterprise Server Version10 Updatesp2 SwEdition-
Suse ≫ Linux Enterprise Server Version10 Updatesp3 SwEdition-
Debian ≫ Debian Linux Version4.0
Canonical ≫ Ubuntu Linux Version6.06
Canonical ≫ Ubuntu Linux Version8.04
Canonical ≫ Ubuntu Linux Version8.10
Canonical ≫ Ubuntu Linux Version9.04
Canonical ≫ Ubuntu Linux Version9.10
Redhat ≫ Virtualization Version5.0
Redhat ≫ Enterprise Linux Desktop Version5.0
Redhat ≫ Enterprise Linux Eus Version5.4
Redhat ≫ Enterprise Linux Server Version5.0
Redhat ≫ Enterprise Linux Server Workstation Version5.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.42% | 0.332 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
CWE-129 Improper Validation of Array Index
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
http://support.avaya.com/css/P8/documents/100073666
https://rhn.redhat.com/errata/RHSA-2010-0046.html
https://rhn.redhat.com/errata/RHSA-2010-0095.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:051
http://www.debian.org/security/2010/dsa-2005
http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html
http://secunia.com/advisories/37909
http://www.ubuntu.com/usn/usn-864-1
http://www.redhat.com/support/errata/RHSA-2010-0882.html
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html
http://secunia.com/advisories/38017
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html
http://secunia.com/advisories/38276
http://secunia.com/advisories/37720
http://www.mandriva.com/security/advisories?name=MDVSA-2010:030
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00777.html
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=690e744869f3262855b83b4fb59199cf142765b0
http://secunia.com/advisories/37435
http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc8
http://www.redhat.com/support/errata/RHSA-2010-0041.html
http://www.securityfocus.com/bid/37068
http://www.vmware.com/security/advisories/VMSA-2011-0009.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10989
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12862
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7101