CVE - CVE-2009-3620

CVE-ID
CVE-2009-3620	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:36707 URL:http://secunia.com/advisories/36707 MISC:36824 URL:http://www.securityfocus.com/bid/36824 MISC:37909 URL:http://secunia.com/advisories/37909 MISC:38794 URL:http://secunia.com/advisories/38794 MISC:38834 URL:http://secunia.com/advisories/38834 MISC:ADV-2010-0528 URL:~~http://www.vupen.com/english/advisories/2010/0528~~ (Obsolete source) MISC:FEDORA-2009-11038 URL:https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html MISC:MDVSA-2010:088 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2010:088~~ (Obsolete source) MISC:MDVSA-2010:198 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2010:198~~ (Obsolete source) MISC:RHSA-2009:1540 URL:https://rhn.redhat.com/errata/RHSA-2009-1540.html MISC:RHSA-2009:1670 URL:http://www.redhat.com/support/errata/RHSA-2009-1670.html MISC:RHSA-2009:1671 URL:http://www.redhat.com/support/errata/RHSA-2009-1671.html MISC:RHSA-2010:0882 URL:http://www.redhat.com/support/errata/RHSA-2010-0882.html MISC:SUSE-SA:2009:061 URL:http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html MISC:SUSE-SA:2009:064 URL:http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html MISC:SUSE-SA:2010:012 URL:http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html MISC:SUSE-SA:2010:013 URL:http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html MISC:USN-864-1 URL:http://www.ubuntu.com/usn/usn-864-1 MISC:[linux-kernel] 20090921 [git pull] drm tree. URL:http://article.gmane.org/gmane.linux.kernel/892259 MISC:[oss-security] 20091019 CVE request: kernel: r128 IOCTL NULL pointer dereferences when CCE state is uninitialised URL:http://www.openwall.com/lists/oss-security/2009/10/19/1 MISC:[oss-security] 20091019 Re: CVE request: kernel: r128 IOCTL NULL pointer dereferences when CCE state is uninitialised URL:http://www.openwall.com/lists/oss-security/2009/10/19/3 MISC:[security-announce] 20100303 VMSA-2010-0004 ESX Service Console and vMA third party updates URL:http://lists.vmware.com/pipermail/security-announce/2010/000082.html MISC:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7dc482dfeeeefcfd000d4271c4626937406756d7 URL:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7dc482dfeeeefcfd000d4271c4626937406756d7 MISC:http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.31-git11.log URL:http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.31-git11.log MISC:https://bugzilla.redhat.com/show_bug.cgi?id=529597 URL:https://bugzilla.redhat.com/show_bug.cgi?id=529597 MISC:oval:org.mitre.oval:def:6763 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6763 MISC:oval:org.mitre.oval:def:9891 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9891
Assigning CNA
Red Hat, Inc.
Date Record Created
20091009	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20091009)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)