The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel 2.6.28-rc1 through 2.6.31-rc8 uses an incorrect variable when accessing an array, which allows local users to cause a denial of service (kernel OOPS and NULL pointer dereference), as demonstrated by using xcdroast to duplicate a CD. NOTE: this is only exploitable by users who can open the cdrom device.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2009-09-22T10:00:00
Updated: 2024-08-07T06:22:24.085Z
Reserved: 2009-09-22T00:00:00
Link: CVE-2009-3288
Vulnrichment
No data.
NVD
Status : Modified
Published: 2009-09-22T10:30:00.670
Modified: 2024-11-21T01:06:59.687
Link: CVE-2009-3288
Redhat
No data.