CVE-2009-3080

Published: Nov 20, 2009Modified: Apr 23, 2026

7.2

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 3.9 / Impact: 10.0

Source: NVD

Description

Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.

Affected (25)

Products: Linux: Linux Kernel · Opensuse: Opensuse · Suse: Linux Enterprise Desktop, Linux Enterprise Server · +4 more

Show all products

1 product

1 product

2 products

Linux Enterprise Desktop

Linux Enterprise Server

1 product

1 product

1 product

6 products

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Server

Enterprise Linux Server Workstation

Virtualization

Fedora

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Linux Linux Kernel	Up to 2.6.31.6
Linux Linux Kernel	Version 2.6.32
Linux Linux Kernel	Version 2.6.32 rc1
Linux Linux Kernel	Version 2.6.32 rc3
Linux Linux Kernel	Version 2.6.32 rc4
Linux Linux Kernel	Version 2.6.32 rc5

Configuration B

6 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 11.1
Opensuse Opensuse	Version 11.2
Suse Linux Enterprise Desktop	Version 10 sp2
Suse Linux Enterprise Desktop	Version 10 sp3
Suse Linux Enterprise Server	Version 10 sp2
Suse Linux Enterprise Server	Version 10 sp3

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 4.0

Configuration D

5 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 6.06
Canonical Ubuntu Linux	Version 8.04
Canonical Ubuntu Linux	Version 8.10
Canonical Ubuntu Linux	Version 9.04
Canonical Ubuntu Linux	Version 9.10

Configuration E

1 vulnerable

Vulnerable Software	Affected Versions
Vmware Esx	Version 3.5

Configuration F

5 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 5.0
Redhat Enterprise Linux Eus	Version 5.4
Redhat Enterprise Linux Server	Version 5.0
Redhat Enterprise Linux Server Workstation	Version 5.0
Redhat Virtualization	Version 5.0

Configuration G

1 vulnerable

Vulnerable Software	Affected Versions
Redhat Fedora	Version 10

Related CWEs

CWE-129

Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

References (54)

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=690e744869f3262855b83b4fb59199cf142765b0

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://secunia.com/advisories/37435

Source: secalert@redhat.com

Broken Link

http://secunia.com/advisories/37720

Source: secalert@redhat.com

Broken Link

http://secunia.com/advisories/37909

Source: secalert@redhat.com

Broken Link

http://secunia.com/advisories/38017

Source: secalert@redhat.com

Broken Link

http://secunia.com/advisories/38276

Source: secalert@redhat.com

Broken Link

http://support.avaya.com/css/P8/documents/100073666

Source: secalert@redhat.com

Third Party Advisory

http://www.debian.org/security/2010/dsa-2005

Source: secalert@redhat.com

Third Party Advisory

http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.32-rc8

Source: secalert@redhat.com

Broken Link

http://www.mandriva.com/security/advisories?name=MDVSA-2010:030

Source: secalert@redhat.com

Broken Link

http://www.mandriva.com/security/advisories?name=MDVSA-2011:051

Source: secalert@redhat.com

Broken Link

http://www.redhat.com/support/errata/RHSA-2010-0041.html

Source: secalert@redhat.com

Broken Link

http://www.redhat.com/support/errata/RHSA-2010-0882.html

Source: secalert@redhat.com

Broken Link

http://www.securityfocus.com/bid/37068

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/usn-864-1

Source: secalert@redhat.com

Third Party Advisory

http://www.vmware.com/security/advisories/VMSA-2011-0009.html

Source: secalert@redhat.com

Third Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10989

Source: secalert@redhat.com

Third Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12862

Source: secalert@redhat.com

Third Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7101

Source: secalert@redhat.com

Third Party Advisory

https://rhn.redhat.com/errata/RHSA-2010-0046.html

Source: secalert@redhat.com

Third Party Advisory

https://rhn.redhat.com/errata/RHSA-2010-0095.html

Source: secalert@redhat.com

Third Party Advisory

https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00777.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=690e744869f3262855b83b4fb59199cf142765b0