
Vulnerability Details: CVE-2009-3288

The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel 2.6.28-rc1 through 2.6.31-rc8 uses an incorrect variable when accessing an array, which allows local users to cause a denial of service (kernel OOPS and NULL pointer dereference), as demonstrated by using xcdroast to duplicate a CD. NOTE: this is only exploitable by users who can open the cdrom device.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 23.3%
CVSS Severity
CVSS v2 Score 4.9
Products affected by CVE-2009-3288
  • Kernel » Linux Kernel » Version: 2.6.28-rc1
    cpe:2.3:a:kernel:linux_kernel:2.6.28-rc1
  • Linux » Linux Kernel » Version: 2.6.31-rc10
    cpe:2.3:o:linux:linux_kernel:2.6.31-rc10
  • Linux » Linux Kernel » Version: 2.6.31-rc2
    cpe:2.3:o:linux:linux_kernel:2.6.31-rc2
  • Linux » Linux Kernel » Version: 2.6.31-rc3
    cpe:2.3:o:linux:linux_kernel:2.6.31-rc3
  • Linux » Linux Kernel » Version: 2.6.31-rc4
    cpe:2.3:o:linux:linux_kernel:2.6.31-rc4
  • Linux » Linux Kernel » Version: 2.6.31-rc5
    cpe:2.3:o:linux:linux_kernel:2.6.31-rc5
  • Linux » Linux Kernel » Version: 2.6.31-rc6
    cpe:2.3:o:linux:linux_kernel:2.6.31-rc6
  • Linux » Linux Kernel » Version: 2.6.31-rc7
    cpe:2.3:o:linux:linux_kernel:2.6.31-rc7
  • Linux » Linux Kernel » Version: 2.6.31-rc8
    cpe:2.3:o:linux:linux_kernel:2.6.31-rc8
  • Linux » Linux Kernel » Version: 2.6.31-rc9
    cpe:2.3:o:linux:linux_kernel:2.6.31-rc9

