CVE-2009-3556
Description
A certain Red Hat configuration step for the qla2xxx driver in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when N_Port ID Virtualization (NPIV) hardware is used, sets world-writable permissions for the (1) vport_create and (2) vport_delete files under /sys/class/scsi_host/, which allows local users to make arbitrary changes to SCSI host attributes by modifying these files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
World-writable sysfs files in the qla2xxx driver on RHEL 5 with NPIV hardware allow local users to modify SCSI host attributes, potentially enabling unauthorized virtual port management.
Vulnerability
The qla2xxx driver on Red Hat Enterprise Linux 5, when using N_Port ID Virtualization (NPIV) hardware, exposes two sysfs pseudo-files, vport_create and vport_delete, under /sys/class/scsi_host/. A Red Hat configuration step set these files world-writable, allowing any local user to write to them. This affects systems with the qla2xxx driver and NPIV-capable hardware. The issue was introduced in RHBA-2008:0314 [4].
Exploitation
An attacker with local access to the system can write to the vport_create or vport_delete files. No special privileges are required beyond being able to write to world-writable files. By writing appropriate values, the attacker can create or delete virtual ports (vports) on the SCSI host, thereby altering the SCSI host attributes.
Impact
Successful exploitation allows a local user to make arbitrary changes to SCSI host attributes, specifically by creating or deleting virtual ports. This could lead to unauthorized management of NPIV virtual ports, potentially causing denial of service or enabling further attacks on the storage network. The impact is limited to systems using the qla2xxx driver with NPIV hardware.
Mitigation
Red Hat released kernel updates as part of RHSA-2010-0046 [1] to fix this issue by correcting the permissions on these sysfs files. Users should apply the updated kernel packages. The vulnerability only affects Red Hat Enterprise Linux 5; other distributions are not affected [4]. No workaround is mentioned; updating is the recommended action.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- cpe:2.3:o:redhat:enterprise_linux:5:*:*:*:*:*:*:*
- Range: 5
- Range: 2.6.18
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- lists.opensuse.org/opensuse-security-announce/2010-03/msg00007.htmlnvd
- support.avaya.com/css/P8/documents/100073666nvd
- www.openwall.com/lists/oss-security/2010/01/20/2nvd
- bugzilla.redhat.com/show_bug.cginvd
- exchange.xforce.ibmcloud.com/vulnerabilities/55809nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6744nvd
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9738nvd
- rhn.redhat.com/errata/RHSA-2010-0046.htmlnvd
- rhn.redhat.com/errata/RHSA-2010-0095.htmlnvd
News mentions
0No linked articles in our index yet.