CVE-2009-3939

CWE-732 — Incorrect Permission Assignment6 documents6 sources

Severity

7.1HIGH

EPSS

0.0%

top 86.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Linux Linux Kernel Avaya Aura Application Enablement Services Avaya Aura Communication Manager +15 more

Timeline

PublishedNov 16

Latest updateMay 2

Description

The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:HExploitability: 1.8 | Impact: 5.2

Affected Packages15 packages

▶NVDlinux/linux_kernel2.6.31.6

▶NVDsuse/linux_enterprise_server10, 11+1

▶NVDsuse/linux_enterprise_desktop10, 11+1

▶NVDredhat/enterprise_linux_server5.0

▶NVDredhat/enterprise_linux_desktop5.0

Also affects: Debian Linux 5.0, Ubuntu Linux 6.06, 8.04, 8.10, 9.04, 9.10, Enterprise Linux 5.4

🔴Vulnerability Details

GHSA

GHSA-3v99-jwxg-37h6: The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2↗2022-05-02

▶

CVEList

CVE-2009-3939: The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2↗2009-11-16

▶

📋Vendor Advisories

Ubuntu

Linux kernel vulnerabilities↗2009-12-05

▶

Red Hat

kernel: megaraid_sas permissions in sysfs↗2009-09-28

▶

💬Community

Bugzilla

CVE-2009-3889 CVE-2009-3939 kernel: megaraid_sas permissions in sysfs↗2009-09-28

▶