VYPR
Unrated severityNVD Advisory· Published Sep 22, 2009· Updated Jun 16, 2026

CVE-2009-3288

CVE-2009-3288

Description

The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel 2.6.28-rc1 through 2.6.31-rc8 uses an incorrect variable when accessing an array, which allows local users to cause a denial of service (kernel OOPS and NULL pointer dereference), as demonstrated by using xcdroast to duplicate a CD. NOTE: this is only exploitable by users who can open the cdrom device.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

11
  • Linux/Kernel11 versions
    cpe:2.3:a:kernel:linux_kernel:2.6.28-rc1:*:*:*:*:*:*:*+ 10 more
    • cpe:2.3:a:kernel:linux_kernel:2.6.28-rc1:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.31-rc10:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.31-rc2:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.31-rc3:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.31-rc4:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.31-rc5:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.31-rc6:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.31-rc7:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.31-rc8:*:*:*:*:*:*:*
    • cpe:2.3:o:linux:linux_kernel:2.6.31-rc9:*:*:*:*:*:*:*
    • (no CPE)range: 2.6.28-rc1 to 2.6.31-rc8

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.