CVE-2009-3080: Out-of-bounds Read

First published: Fri Nov 20 2009(Updated: )

Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Linux Linux kernel	<=2.6.31.6
Linux Linux kernel	=2.6.32-rc1
Linux Linux kernel	=2.6.32-rc5
Linux Linux kernel	=2.6.32-rc4
Linux Linux kernel	=2.6.32-rc3
Linux Linux kernel	=2.6.32
openSUSE openSUSE	=11.1
openSUSE openSUSE	=11.2
SUSE Linux Enterprise Desktop	=10-sp2
SUSE Linux Enterprise Desktop	=10-sp3
SUSE Linux Enterprise Server	=10-sp2
SUSE Linux Enterprise Server	=10-sp3
Debian Debian Linux	=4.0
Canonical Ubuntu Linux	=9.04
Canonical Ubuntu Linux	=8.10
Canonical Ubuntu Linux	=9.10
Canonical Ubuntu Linux	=8.04
Canonical Ubuntu Linux	=6.06
VMware ESX	=3.5
Red Hat Enterprise Linux Server	=5.0
Redhat Enterprise Linux Desktop	=5.0
Redhat Enterprise Linux Eus	=5.4
Redhat Virtualization	=5.0
Redhat Enterprise Linux Server Workstation	=5.0
Redhat Fedora	=10

Never miss a vulnerability like this again

Reference Links

agent/type
agent/weakness
agent/references
agent/severity
agent/author
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
agent/softwarecombine
agent/tags
agent/source
vendor/linux
canonical/linux linux kernel
version/linux linux kernel/2.6.31.6
version/linux linux kernel/2.6.32-rc1
version/linux linux kernel/2.6.32-rc5
version/linux linux kernel/2.6.32-rc4
version/linux linux kernel/2.6.32-rc3
version/linux linux kernel/2.6.32
vendor/opensuse
canonical/opensuse opensuse
version/opensuse opensuse/11.1
version/opensuse opensuse/11.2
vendor/suse
canonical/suse linux enterprise desktop
version/suse linux enterprise desktop/10-sp2
version/suse linux enterprise desktop/10-sp3
canonical/suse linux enterprise server
version/suse linux enterprise server/10-sp2
version/suse linux enterprise server/10-sp3
vendor/debian
canonical/debian debian linux
version/debian debian linux/4.0
vendor/canonical
canonical/canonical ubuntu linux
version/canonical ubuntu linux/9.04
version/canonical ubuntu linux/8.10
version/canonical ubuntu linux/9.10
version/canonical ubuntu linux/8.04
version/canonical ubuntu linux/6.06
vendor/vmware
canonical/vmware esx
version/vmware esx/3.5
vendor/redhat
canonical/red hat enterprise linux server
version/red hat enterprise linux server/5.0
canonical/redhat enterprise linux desktop
version/redhat enterprise linux desktop/5.0
canonical/redhat enterprise linux eus
version/redhat enterprise linux eus/5.4
canonical/redhat virtualization
version/redhat virtualization/5.0
canonical/redhat enterprise linux server workstation
version/redhat enterprise linux server workstation/5.0
canonical/redhat fedora
version/redhat fedora/10

CVE-2009-3080: Out-of-bounds Read

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact