Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
None
Privileges Required
Low
Attack Vector
Local
0

CVE-2009-3620

Disclosure Date: October 22, 2009
CVE-2009-3620 CVSS v3 Base Score: 7.8
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
7.8 High
Impact Score:
5.9
Exploitability Score:
1.8
Vector:
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality (C):
High
Integrity (I):
High
Availability (A):
High

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

Vendors

  • canonical,
  • fedoraproject,
  • linux,
  • opensuse,
  • redhat,
  • suse

Products

  • fedora 10,
  • linux enterprise debuginfo 10,
  • linux enterprise desktop 10,
  • linux enterprise server 10,
  • linux enterprise server 8,
  • linux kernel,
  • mrg realtime 1.0,
  • opensuse 11.0,
  • ubuntu linux 6.06,
  • ubuntu linux 8.04,
  • ubuntu linux 8.10,
  • ubuntu linux 9.04,
  • ubuntu linux 9.10

References

Canonical
CVE-2009-3620 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3620)
BID-36824 (http://www.securityfocus.com/bid/36824)
Advisory
[oss-security] 20091019 Re: CVE request: kernel: r128 IOCTL NULL pointer dereferences when CCE state is uninitialised (http://www.openwall.com/lists/oss-security/2009/10/19/3)
http://www.redhat.com/support/errata/RHSA-2009-1671.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9891
https://rhn.redhat.com/errata/RHSA-2009-1540.html
https://bugzilla.redhat.com/show_bug.cgi?id=529597
http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html
USN-864-1 (http://www.ubuntu.com/usn/usn-864-1)
SECUNIA-38794 (http://secunia.com/advisories/38794)
[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates (http://lists.vmware.com/pipermail/security-announce/2010/000082.html)
SECUNIA-36707 (http://secunia.com/advisories/36707)
http://www.mandriva.com/security/advisories?name=MDVSA-2010:198
[linux-kernel] 20090921 [git pull] drm tree. (http://article.gmane.org/gmane.linux.kernel/892259)
http://www.mandriva.com/security/advisories?name=MDVSA-2010:088
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.31-git11.log
SECUNIA-37909 (http://secunia.com/advisories/37909)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6763
http://www.redhat.com/support/errata/RHSA-2010-0882.html
http://www.redhat.com/support/errata/RHSA-2009-1670.html
http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html
[oss-security] 20091019 CVE request: kernel: r128 IOCTL NULL pointer dereferences when CCE state is uninitialised (http://www.openwall.com/lists/oss-security/2009/10/19/1)
SECUNIA-38834 (http://secunia.com/advisories/38834)
http://git.kernel.org?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7dc482dfeeeefcfd000d4271c4626937406756d7
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html
FEDORA-2009-11038 (https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html)
ADV-2010-0528 (http://www.vupen.com/english/advisories/2010/0528)
Miscellaneous
https://access.redhat.com/errata/RHSA-2010:0882
https://access.redhat.com/errata/RHSA-2009:1540
https://access.redhat.com/errata/RHSA-2009:1671
https://access.redhat.com/errata/RHSA-2009:1670
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7dc482dfeeeefcfd000d4271c4626937406756d7
https://access.redhat.com/security/cve/CVE-2009-3620

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis