Published: 22/09/2009 Updated: 15/09/2011
CVSS v2 Base Score: 4.9 | Impact Score: 6.9 | Exploitability Score: 3.9
VMScore: 436
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel 2.6.28-rc1 up to and including 2.6.31-rc8 uses an incorrect variable when accessing an array, which allows local users to cause a denial of service (kernel OOPS and NULL pointer dereference), as demonstrated by using xcdroast to duplicate a CD. NOTE: this is only exploitable by users who can open the cdrom device.

Affected Products

Vendor Product Versions
KernelLinux Kernel2.6.28-rc1
LinuxLinux Kernel2.6.31-rc2, 2.6.31-rc3, 2.6.31-rc4, 2.6.31-rc5, 2.6.31-rc6, 2.6.31-rc7, 2.6.31-rc8, 2.6.31-rc9, 2.6.31-rc10

Vendor Advisories

Solar Designer discovered that the z90crypt driver did not correctly check capabilities A local attacker could exploit this to shut down the device, leading to a denial of service Only affected Ubuntu 606 (CVE-2009-1883) ...

Github Repositories