Vulnerability Details: CVE-2009-3280
Integer signedness error in the find_ie function in net/wireless/scan.c in the cfg80211 subsystem in the Linux kernel before 2.6.31.1-rc1 allows remote attackers to cause a denial of service (soft lockup) via malformed packets.
Vulnerability category: Overflow, Denial of service
Products affected by CVE-2009-3280
- cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Threat overview for CVE-2009-3280
Top open port discovered on systems with this issue: 49152
IPs affected by CVE-2009-3280: 1,597
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2009-3280
0.74%: probability of exploitation activity in the next 30 days
~81%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2009-3280
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8 | HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C | 10.0 | 6.9 | NIST | |
CWE ids for CVE-2009-3280
- The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data. Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2009-3280
- Red Hat, 2009-09-22: Not vulnerable. This vulnerability was introduced into the Linux kernel in version 2.6.30-rc1 via upstream commit 2a519311, and therefore does not affect users of Red Hat Enterprise Linux 3, 4, 5, and Red Hat Enterprise MRG.
References for CVE-2009-3280
- http://www.openwall.com/lists/oss-security/2009/09/16/2 (Mailing List; Third Party Advisory)
- http://patchwork.kernel.org/patch/45106/ (Patch; Vendor Advisory)
- http://www.kernel.org/pub/linux/kernel/v2.6/stable-review/patch-2.6.31.1-rc1.bz2 (Patch; Release Notes; Vendor Advisory)
- http://www.securityfocus.com/bid/36421 (Third Party Advisory; VDB Entry)
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fcc6cb0c13555e78c2d47257b6d1b5e59b0c419a (Patch; Vendor Advisory)