CVE-2009-3288

Name of the Vulnerable Software and Affected Versions Linux kernel versions 2.6.28-rc1 through 2.6.31-rc8

Description The issue allows local users to cause a denial of service, resulting in a kernel OOPS and NULL pointer dereference. This can be achieved by exploiting the sg build indirect function in the drivers/scsi/sg.c file. The function uses an incorrect variable when accessing an array. An example of exploitation is by using xcdroast to duplicate a CD. It is notable that this issue is only exploitable by users who have the capability to open the cdrom device.

Recommendations For Linux kernel versions 2.6.28-rc1 through 2.6.31-rc8, consider restricting access to the cdrom device to minimize the risk of exploitation. As a temporary workaround, avoid using the sg build indirect function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.