NVD

CVE-2009-3620 Detail

Deferred

This CVE record is not being prioritized for NVD enrichment efforts due to resource or other concerns.

Description

The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls.

Metrics

NVD enrichment efforts reference publicly available information to associate vector strings. CVSS information contributed by other sources is also displayed.

CVSS 4.0 Severity and Vector Strings:

NIST: NVD

N/A

NVD assessment not yet provided.

CVSS 3.x Severity and Vector Strings:

NIST: NVD

Base Score: 7.8 HIGH

Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0 Severity and Vector Strings:

National Institute of Standards and Technology

NIST: NVD

Base Score: 4.9 MEDIUM

Vector: (AV:L/AC:L/Au:N/C:N/I:N/A:C)

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to [email protected].

URL	Source(s)	Tag(s)
http://article.gmane.org/gmane.linux.kernel/892259	CVE, Inc., Red Hat	Broken Link
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7dc482dfeeeefcfd000d4271c4626937406756d7	CVE, Inc., Red Hat	Broken Link
http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html	CVE, Inc., Red Hat	Mailing List
http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html	CVE, Inc., Red Hat	Mailing List
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html	CVE, Inc., Red Hat	Mailing List
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html	CVE, Inc., Red Hat	Mailing List
http://lists.vmware.com/pipermail/security-announce/2010/000082.html	CVE, Inc., Red Hat	Broken Link
http://secunia.com/advisories/36707	CVE, Inc., Red Hat	Broken Link Vendor Advisory
http://secunia.com/advisories/37909	CVE, Inc., Red Hat	Broken Link
http://secunia.com/advisories/38794	CVE, Inc., Red Hat	Broken Link
http://secunia.com/advisories/38834	CVE, Inc., Red Hat	Broken Link
http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.31-git11.log	CVE, Inc., Red Hat	Broken Link Patch
http://www.mandriva.com/security/advisories?name=MDVSA-2010:088	CVE, Inc., Red Hat	Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2010:198	CVE, Inc., Red Hat	Broken Link
http://www.openwall.com/lists/oss-security/2009/10/19/1	CVE, Inc., Red Hat	Mailing List Patch
http://www.openwall.com/lists/oss-security/2009/10/19/3	CVE, Inc., Red Hat	Mailing List Patch
http://www.redhat.com/support/errata/RHSA-2009-1670.html	CVE, Inc., Red Hat	Broken Link
http://www.redhat.com/support/errata/RHSA-2009-1671.html	CVE, Inc., Red Hat	Broken Link
http://www.redhat.com/support/errata/RHSA-2010-0882.html	CVE, Inc., Red Hat	Broken Link
http://www.securityfocus.com/bid/36824	CVE, Inc., Red Hat	Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/usn-864-1	CVE, Inc., Red Hat	Third Party Advisory
http://www.vupen.com/english/advisories/2010/0528	CVE, Inc., Red Hat	Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=529597	CVE, Inc., Red Hat	Issue Tracking
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6763	CVE, Inc., Red Hat	Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9891	CVE, Inc., Red Hat	Broken Link
https://rhn.redhat.com/errata/RHSA-2009-1540.html	CVE, Inc., Red Hat	Third Party Advisory
https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html	CVE, Inc., Red Hat	Mailing List Release Notes

Weakness Enumeration

CWE-ID	CWE Name	Source
CWE-908	Use of Uninitialized Resource	NIST
CWE-476	NULL Pointer Dereference	NIST

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Denotes Vulnerable Software
Are we missing a CPE here? Please let us know.

Change History

8 change records found show changes

CVE Modified by CVE 11/20/2024 8:07:49 PM

Action	Type	New Value
Added	Reference	http://article.gmane.org/gmane.linux.kernel/892259
Added	Reference	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7dc482dfeeeefcfd000d4271c4626937406756d7
Added	Reference	http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html
Added	Reference	http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html
Added	Reference	http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
Added	Reference	http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html
Added	Reference	http://lists.vmware.com/pipermail/security-announce/2010/000082.html
Added	Reference	http://secunia.com/advisories/36707
Added	Reference	http://secunia.com/advisories/37909
Added	Reference	http://secunia.com/advisories/38794
Added	Reference	http://secunia.com/advisories/38834
Added	Reference	http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.31-git11.log
Added	Reference	http://www.mandriva.com/security/advisories?name=MDVSA-2010:088
Added	Reference	http://www.mandriva.com/security/advisories?name=MDVSA-2010:198
Added	Reference	http://www.openwall.com/lists/oss-security/2009/10/19/1
Added	Reference	http://www.openwall.com/lists/oss-security/2009/10/19/3
Added	Reference	http://www.redhat.com/support/errata/RHSA-2009-1670.html
Added	Reference	http://www.redhat.com/support/errata/RHSA-2009-1671.html
Added	Reference	http://www.redhat.com/support/errata/RHSA-2010-0882.html
Added	Reference	http://www.securityfocus.com/bid/36824
Added	Reference	http://www.ubuntu.com/usn/usn-864-1
Added	Reference	http://www.vupen.com/english/advisories/2010/0528
Added	Reference	https://bugzilla.redhat.com/show_bug.cgi?id=529597
Added	Reference	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6763
Added	Reference	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9891
Added	Reference	https://rhn.redhat.com/errata/RHSA-2009-1540.html
Added	Reference	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html

Modified Analysis by NIST 11/03/2023 1:13:57 PM

CVE Modified by Red Hat, Inc. 2/12/2023 9:20:30 PM

Action	Type	Old Value	New Value
Changed	Description	CVE-2009-3620 kernel: r128 IOCTL NULL pointer dereferences when CCE state is uninitialised	The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls.
Removed	CVSS V2	Red Hat, Inc. (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Removed	Reference	https://access.redhat.com/errata/RHSA-2009:1540 [No Types Assigned]
Removed	Reference	https://access.redhat.com/errata/RHSA-2009:1670 [No Types Assigned]
Removed	Reference	https://access.redhat.com/errata/RHSA-2009:1671 [No Types Assigned]
Removed	Reference	https://access.redhat.com/errata/RHSA-2010:0882 [No Types Assigned]
Removed	Reference	https://access.redhat.com/security/cve/CVE-2009-3620 [No Types Assigned]

CVE Modified by Red Hat, Inc. 2/02/2023 12:16:50 PM

Action	Type	Old Value	New Value
Changed	Description	The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls.	CVE-2009-3620 kernel: r128 IOCTL NULL pointer dereferences when CCE state is uninitialised
Added	CVSS V2		Red Hat, Inc. (AV:L/AC:L/Au:N/C:N/I:N/A:C)
Added	Reference		http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7dc482dfeeeefcfd000d4271c4626937406756d7 [No Types Assigned]
Added	Reference		https://access.redhat.com/errata/RHSA-2009:1540 [No Types Assigned]
Added	Reference		https://access.redhat.com/errata/RHSA-2009:1670 [No Types Assigned]
Added	Reference		https://access.redhat.com/errata/RHSA-2009:1671 [No Types Assigned]
Added	Reference		https://access.redhat.com/errata/RHSA-2010:0882 [No Types Assigned]
Added	Reference		https://access.redhat.com/security/cve/CVE-2009-3620 [No Types Assigned]
Removed	Reference	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=7dc482dfeeeefcfd000d4271c4626937406756d7 [No Types Assigned]

Quick Info

CVE Dictionary Entry:
CVE-2009-3620
NVD Published Date:
10/22/2009
NVD Last Modified:
04/08/2025
Source:
Red Hat, Inc.

You are viewing this page in an unauthorized frame window.

Information Technology Laboratory

National Vulnerability Database

National Vulnerability Database

CVE-2009-3620 Detail

Description

Metrics

References to Advisories, Solutions, and Tools

Weakness Enumeration

Known Affected Software Configurations Switch to CPE 2.2

CPEs loading, please wait.

Change History

CVE Modified by CVE 11/20/2024 8:07:49 PM

CVE Modified by Red Hat, Inc. 5/13/2024 10:10:57 PM

Reanalysis by NIST 2/08/2024 7:20:34 PM

Modified Analysis by NIST 11/03/2023 1:13:57 PM

CVE Modified by Red Hat, Inc. 2/12/2023 9:20:30 PM

CVE Modified by Red Hat, Inc. 2/02/2023 12:16:50 PM

CVE Modified by Red Hat, Inc. 9/18/2017 9:29:42 PM

Initial CVE Analysis 10/23/2009 8:16:00 AM

Quick Info