7.8

CVE-2009-3620

The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxLinux Kernel Version < 2.6.31.1
FedoraprojectFedora Version10
CanonicalUbuntu Linux Version6.06
CanonicalUbuntu Linux Version8.04 SwEdition-
CanonicalUbuntu Linux Version8.10
CanonicalUbuntu Linux Version9.04
CanonicalUbuntu Linux Version9.10
RedhatMrg Realtime Version1.0
SuseLinux Enterprise Debuginfo Version10 Updatesp2
SuseLinux Enterprise Debuginfo Version10 Updatesp3
OpensuseOpensuse Version11.0
SuseLinux Enterprise Desktop Version10 Updatesp2
SuseLinux Enterprise Desktop Version10 Updatesp3
SuseLinux Enterprise Server Version10 Updatesp2 SwEdition-
SuseLinux Enterprise Server Version10 Updatesp3 SwEdition-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.43% 0.338
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.8 1.8 5.9
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 4.9 3.9 6.9
AV:L/AC:L/Au:N/C:N/I:N/A:C
CWE-476 NULL Pointer Dereference

The product dereferences a pointer that it expects to be valid but is NULL.

CWE-908 Use of Uninitialized Resource

The product uses or accesses a resource that has not been initialized.

http://lists.vmware.com/pipermail/security-announce/2010/000082.html
Broken Link
http://secunia.com/advisories/38794
Broken Link
http://www.vupen.com/english/advisories/2010/0528
Broken Link
http://secunia.com/advisories/38834
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
Mailing List
http://www.mandriva.com/security/advisories?name=MDVSA-2010:198
Broken Link
https://rhn.redhat.com/errata/RHSA-2009-1540.html
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html
Mailing List
http://secunia.com/advisories/36707
Vendor Advisory
Broken Link
http://secunia.com/advisories/37909
Broken Link
http://www.ubuntu.com/usn/usn-864-1
Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2009-1670.html
Broken Link
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html
Mailing List
Release Notes
http://www.redhat.com/support/errata/RHSA-2009-1671.html
Broken Link
http://article.gmane.org/gmane.linux.kernel/892259
Broken Link
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7dc482dfeeeefcfd000d4271c4626937406756d7
Broken Link
http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.31-git11.log
Patch
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2010:088
Broken Link
http://www.openwall.com/lists/oss-security/2009/10/19/1
Patch
Mailing List
http://www.openwall.com/lists/oss-security/2009/10/19/3
Patch
Mailing List
http://www.redhat.com/support/errata/RHSA-2010-0882.html
Broken Link
http://www.securityfocus.com/bid/36824
Third Party Advisory
Broken Link
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=529597
Issue Tracking
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6763
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9891
Broken Link