7.8
CVE-2009-3620
- EPSS 0.07%
- Veröffentlicht 22.10.2009 16:00:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
- Quelle secalert@redhat.com
- Teams Watchlist Login
- Unerledigt Login
The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version < 2.6.31.1
Fedoraproject ≫ Fedora Version10
Canonical ≫ Ubuntu Linux Version6.06
Canonical ≫ Ubuntu Linux Version8.04 SwEdition-
Canonical ≫ Ubuntu Linux Version8.10
Canonical ≫ Ubuntu Linux Version9.04
Canonical ≫ Ubuntu Linux Version9.10
Redhat ≫ Mrg Realtime Version1.0
Suse ≫ Linux Enterprise Debuginfo Version10 Updatesp2
Suse ≫ Linux Enterprise Debuginfo Version10 Updatesp3
Suse ≫ Linux Enterprise Desktop Version10 Updatesp2
Suse ≫ Linux Enterprise Desktop Version10 Updatesp3
Suse ≫ Linux Enterprise Server Version8
Suse ≫ Linux Enterprise Server Version10 Updatesp2 SwEdition-
Suse ≫ Linux Enterprise Server Version10 Updatesp3 SwEdition-
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.07% | 0.229 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 4.9 | 3.9 | 6.9 |
AV:L/AC:L/Au:N/C:N/I:N/A:C
|
CWE-476 NULL Pointer Dereference
The product dereferences a pointer that it expects to be valid but is NULL.
CWE-908 Use of Uninitialized Resource
The product uses or accesses a resource that has not been initialized.