1
Candidate: CVE-2009-3288
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3288
5
http://www.openwall.com/lists/oss-security/2009/09/03/4
6
https://usn.ubuntu.com/usn/usn-852-1
8
The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel
9
2.6.28-rc1 through 2.6.31-rc8 uses an incorrect variable when accessing an
10
array, which allows local users to cause a denial of service (kernel OOPS
11
and NULL pointer dereference), as demonstrated by using xcdroast to
12
duplicate a CD. NOTE: this is only exploitable by users who can open the
21
Patches_linux-source-2.6.15:
22
upstream_linux-source-2.6.15: not-affected
23
dapper_linux-source-2.6.15: not-affected
24
hardy_linux-source-2.6.15: DNE
25
intrepid_linux-source-2.6.15: DNE
26
jaunty_linux-source-2.6.15: DNE
27
devel_linux-source-2.6.15: DNE
30
proposed: http://lkml.org/lkml/2009/9/3/107
31
upstream_linux: released (2.6.31)
33
hardy_linux: not-affected
34
intrepid_linux: not-affected
35
jaunty_linux: released (2.6.28-16.55)
36
devel_linux: not-affected