CVE-2009-4138

2009-12-1619:30:00

CWE-399

[email protected]

web.nvd.nist.gov

linux

kernel

denial of service

vulnerability

cve-2009-4138

nvd

6.6 Medium

AI Score

Confidence

High

4.7 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

0.0004 Low

EPSS

Percentile

9.4%

JSON

drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet that contains zero in the payload-length field.

CPENameOperatorVersion
linux:linux_kernellinux linux kerneleq2.6.27.29
linux:linux_kernellinux linux kerneleq2.6.27.12
linux:linux_kernellinux linux kerneleq2.6.20.6
linux:linux_kernellinux linux kerneleq2.6.20.9
linux:linux_kernellinux linux kerneleq2.6.11
linux:linux_kernellinux linux kerneleq2.6.23.4
linux:linux_kernellinux linux kerneleq2.6.22.15
linux:linux_kernellinux linux kerneleq2.6.16.16
linux:linux_kernellinux linux kerneleq2.6.18.7
linux:linux_kernellinux linux kerneleq2.6.17.12

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	eq	2.6.27.29
linux:linux_kernel	linux linux kernel	eq	2.6.27.12
linux:linux_kernel	linux linux kernel	eq	2.6.20.6
linux:linux_kernel	linux linux kernel	eq	2.6.20.9
linux:linux_kernel	linux linux kernel	eq	2.6.11
linux:linux_kernel	linux linux kernel	eq	2.6.23.4
linux:linux_kernel	linux linux kernel	eq	2.6.22.15
linux:linux_kernel	linux linux kernel	eq	2.6.16.16
linux:linux_kernel	linux linux kernel	eq	2.6.18.7
linux:linux_kernel	linux linux kernel	eq	2.6.17.12