Kernel » Linux Kernel » 2.6.28-rc1 : Security Vulnerabilities, CVEs,

cpe:2.3:a:kernel:linux_kernel:2.6.28-rc1:*:*:*:*:*:*:*

CVE-2009-3288

The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel 2.6.28-rc1 through 2.6.31-rc8 uses an incorrect variable when accessing an array, which allows local users to cause a denial of service (kernel OOPS and NULL pointer dereference), as demonstrated by using xcdroast to duplicate a CD. NOTE: this is only exploitable by users who can open the cdrom device.
Max CVSS
4.9
EPSS Score
0.04%
Published
2009-09-22
Updated
2011-09-15
1 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close