[email protected]CVE-2009-3620

HistoryOct 22, 2009 - 4:00 p.m.

CVE-2009-3620

2009-10-2216:00:00

CWE-908

CWE-476

[email protected]

web.nvd.nist.gov

ati rage 128

r128 driver

linux kernel

denial of service

privilege escalation

cve-2009-3620

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.9%

JSON

The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls.

Affected configurations

NVD

Node

linuxlinux_kernelRange<2.6.31.1

Node

fedoraprojectfedoraMatch10

Node

canonicalubuntu_linuxMatch6.06

canonicalubuntu_linuxMatch8.04-

canonicalubuntu_linuxMatch8.10

canonicalubuntu_linuxMatch9.04

canonicalubuntu_linuxMatch9.10

Node

redhatmrg_realtimeMatch1.0

Node

suselinux_enterprise_debuginfoMatch10sp2

suselinux_enterprise_debuginfoMatch10sp3

opensuseopensuseMatch11.0

suselinux_enterprise_desktopMatch10sp2

suselinux_enterprise_desktopMatch10sp3

suselinux_enterprise_serverMatch8

suselinux_enterprise_serverMatch10sp2-

suselinux_enterprise_serverMatch10sp3-

CPENameOperatorVersion
linux:linux_kernellinux linux kernellt2.6.31.1

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	lt	2.6.31.1

References

article.gmane.org/gmane.linux.kernel/892259

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7dc482dfeeeefcfd000d4271c4626937406756d7

lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html

lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html

lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html

lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html

lists.vmware.com/pipermail/security-announce/2010/000082.html

secunia.com/advisories/36707

secunia.com/advisories/37909

secunia.com/advisories/38794

secunia.com/advisories/38834

www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.31-git11.log

www.mandriva.com/security/advisories?name=MDVSA-2010:088

www.mandriva.com/security/advisories?name=MDVSA-2010:198

www.openwall.com/lists/oss-security/2009/10/19/1

www.openwall.com/lists/oss-security/2009/10/19/3

www.redhat.com/support/errata/RHSA-2009-1670.html

www.redhat.com/support/errata/RHSA-2009-1671.html

www.redhat.com/support/errata/RHSA-2010-0882.html

www.securityfocus.com/bid/36824

www.ubuntu.com/usn/usn-864-1

www.vupen.com/english/advisories/2010/0528

bugzilla.redhat.com/show_bug.cgi?id=529597

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6763

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9891

rhn.redhat.com/errata/RHSA-2009-1540.html

www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html

Social References

4.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.9%

JSON

Related for CVE-2009-3620

ubuntucve1 prion1 cvelist1 nvd1 veracode1 nessus38 redhat5 centos2 openvas52 oraclelinux3 osv2 securityvulns2 debian2 suse5 fedora8 ubuntu1 vmware4