CVE-2009-3080

2009-11-2017:30:00

CWE-129

[email protected]

web.nvd.nist.gov

cve-2009-3080

array index error

gdth_read_event

linux kernel

denial of service

privilege escalation

nvd

6.5 Medium

AI Score

Confidence

High

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

19.3%

JSON

Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.

CPENameOperatorVersion
linux:linux_kernellinux linux kernelle2.6.31.6
linux:linux_kernellinux linux kerneleq2.6.32
opensuse:opensuseopensuseeq11.1
opensuse:opensuseopensuseeq11.2
suse:linux_enterprise_desktopsuse linux enterprise desktopeq10
suse:linux_enterprise_serversuse linux enterprise servereq10
debian:debian_linuxdebian debian linuxeq4.0
canonical:ubuntu_linuxcanonical ubuntu linuxeq9.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq8.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq9.10

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	le	2.6.31.6
linux:linux_kernel	linux linux kernel	eq	2.6.32
opensuse:opensuse	opensuse	eq	11.1
opensuse:opensuse	opensuse	eq	11.2
suse:linux_enterprise_desktop	suse linux enterprise desktop	eq	10
suse:linux_enterprise_server	suse linux enterprise server	eq	10
debian:debian_linux	debian debian linux	eq	4.0
canonical:ubuntu_linux	canonical ubuntu linux	eq	9.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	8.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	9.10