Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

None

Privileges Required

Low

Attack Vector

Local

0

CVE-2009-3620

Disclosure Date: October 22, 2009 •

CVE-2009-3620 CVSS v3 Base Score: 7.8

MITRE ATT&CK

Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

7.8 High

Impact Score:

5.9

Exploitability Score:

1.8

Vector:

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector (AV):

Local

Attack Complexity (AC):

Low

Privileges Required (PR):

Low

User Interaction (UI):

None

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

Products

References

Canonical

CVE-2009-3620 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3620)

BID-36824 (http://www.securityfocus.com/bid/36824)

Advisory

[oss-security] 20091019 Re: CVE request: kernel: r128 IOCTL NULL pointer dereferences when CCE state is uninitialised (http://www.openwall.com/lists/oss-security/2009/10/19/3)

http://www.redhat.com/support/errata/RHSA-2009-1671.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9891

https://rhn.redhat.com/errata/RHSA-2009-1540.html

https://bugzilla.redhat.com/show_bug.cgi?id=529597

http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html

USN-864-1 (http://www.ubuntu.com/usn/usn-864-1)

SECUNIA-38794 (http://secunia.com/advisories/38794)

[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates (http://lists.vmware.com/pipermail/security-announce/2010/000082.html)

SECUNIA-36707 (http://secunia.com/advisories/36707)

http://www.mandriva.com/security/advisories?name=MDVSA-2010:198

[linux-kernel] 20090921 [git pull] drm tree. (http://article.gmane.org/gmane.linux.kernel/892259)

http://www.mandriva.com/security/advisories?name=MDVSA-2010:088

http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html

http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.31-git11.log

SECUNIA-37909 (http://secunia.com/advisories/37909)

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6763

http://www.redhat.com/support/errata/RHSA-2010-0882.html

http://www.redhat.com/support/errata/RHSA-2009-1670.html

http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html

[oss-security] 20091019 CVE request: kernel: r128 IOCTL NULL pointer dereferences when CCE state is uninitialised (http://www.openwall.com/lists/oss-security/2009/10/19/1)

SECUNIA-38834 (http://secunia.com/advisories/38834)

http://git.kernel.org?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7dc482dfeeeefcfd000d4271c4626937406756d7

http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html

FEDORA-2009-11038 (https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html)

ADV-2010-0528 (http://www.vupen.com/english/advisories/2010/0528)

Miscellaneous

https://access.redhat.com/errata/RHSA-2010:0882

https://access.redhat.com/errata/RHSA-2009:1540

https://access.redhat.com/errata/RHSA-2009:1671

https://access.redhat.com/errata/RHSA-2009:1670

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7dc482dfeeeefcfd000d4271c4626937406756d7

https://access.redhat.com/security/cve/CVE-2009-3620

Rapid7

Technical Analysis