PT-2009-1042 · Linux+2 · Linux Kernel+3

Eugene Teo · Published 2009-10-22 · Updated 2024-02-09 · CVE-2009-3620

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Linux kernel versions prior to 2.6.31-git11
Red Hat Enterprise Linux kernel versions 2.4.21

Description

The issue concerns multiple vulnerabilities in the Linux kernel and the Red Hat Enterprise Linux kernel that can lead to a loss of availability of protected information. These vulnerabilities can be exploited remotely. Additionally, a local user can cause a denial of service or possibly gain privileges via unspecified ioctl calls, because the ATI Rage 128 driver does not properly verify Concurrent Command Engine (CCE) state initialization.

Recommendations

For Linux kernel versions prior to 2.6.31-git11, update to version 2.6.31-git11 or later to resolve the issue. For Red Hat Enterprise Linux kernel versions 2.4.21, consider disabling the vulnerable kernel modules or restricting access to them until a patch is available. As a temporary workaround, consider disabling the ATI Rage 128 driver until a patch is available.

Fix

DoS

Use of Uninitialized Resource

NULL Pointer Dereference

Improper Validation of Array Index

Weakness Enumeration

Related Identifiers

BDU:2015-06103
BDU:2015-06104
BDU:2015-06105
BDU:2015-06106
BDU:2015-06107
BDU:2015-06108
BDU:2015-06109
BDU:2015-06110
BDU:2015-06111
CVE-2009-3620
DSA-1927-1
DSA-1928-1
RHSA-2009:1540
RHSA-2009:1670
RHSA-2009:1671
RHSA-2009_1670
RHSA-2009_1671
RHSA-2010:0882

Affected Products

Ati Rage 128
Linux Kernel
Red Hat
Red Hat Enterprise Linux Kernel