CVE-2009-3080 — Improper Validation of Array Index in Kernel

CWE-129 — Improper Validation of Array Index CWE-839 — Numeric Range Comparison Without Minimum Check CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents6 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 78.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Kernel Canonical Ubuntu Linux Debian Linux +10 more

Timeline

PublishedNov 20

Latest updateMay 2

Description

Array index error in the gdth_read_event function in drivers/scsi/gdth.c in the Linux kernel before 2.6.32-rc8 allows local users to cause a denial of service or possibly gain privileges via a negative event index in an IOCTL request.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages8 packages

▶NVDlinux/linux_kernel2.6.31.6+1

▶NVDsuse/linux_enterprise_server10

▶NVDsuse/linux_enterprise_desktop10

▶NVDredhat/enterprise_linux_server5.0

▶NVDredhat/enterprise_linux_desktop5.0

Also affects: Debian Linux 4.0, Ubuntu Linux 6.06, 8.04, 8.10, 9.04, 9.10, Enterprise Linux 5.4, 5.0, Fedora 10

🔴Vulnerability Details

GHSA

GHSA-r6gw-jh8m-7g87: Array index error in the gdth_read_event function in drivers/scsi/gdth↗2022-05-02

▶

CVEList

CVE-2009-3080: Array index error in the gdth_read_event function in drivers/scsi/gdth↗2009-11-20

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2009-12-05

▶

Red Hat

kernel: gdth: Prevent negative offsets in ioctl↗2009-11-20

▶

💬Community

Bugzilla

CVE-2009-3080 kernel: gdth: Prevent negative offsets in ioctl↗2009-11-20

▶