High severity7.1NVD Advisory· Published Nov 16, 2009· Updated Apr 23, 2026
CVE-2009-3939
CVE-2009-3939
Description
The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file.
Affected products
29cpe:2.3:a:avaya:aura_application_enablement_services:5.2:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:avaya:aura_application_enablement_services:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:avaya:aura_application_enablement_services:5.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:avaya:aura_communication_manager:5.2:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_session_manager:1.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:avaya:aura_session_manager:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:avaya:aura_session_manager:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:avaya:aura_sip_enablement_services:5.2:*:*:*:*:*:*:*
cpe:2.3:a:avaya:aura_system_manager:5.2:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:avaya:aura_system_manager:5.2:*:*:*:*:*:*:*
- cpe:2.3:a:avaya:aura_system_manager:6.0:*:*:*:*:*:*:*
- cpe:2.3:a:avaya:aura_system_platform:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:avaya:voice_portal:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:virtualization:5:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*+ 4 more
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:5.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp3:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:suse:linux_enterprise_desktop:10:sp3:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:11:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
23- bugzilla.redhat.com/show_bug.cginvdExploitIssue Tracking
- support.avaya.com/css/P8/documents/100073666nvdThird Party Advisory
- www.debian.org/security/2010/dsa-1996nvdThird Party Advisory
- www.securityfocus.com/bid/37019nvdBroken LinkThird Party AdvisoryVDB Entry
- www.ubuntu.com/usn/usn-864-1nvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2010-0046.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2010-0095.htmlnvdThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.htmlnvdMailing List
- lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.htmlnvdMailing List
- lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.htmlnvdMailing List
- lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.htmlnvdMailing List
- lists.opensuse.org/opensuse-security-announce/2010-02/msg00002.htmlnvdMailing List
- lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.htmlnvdMailing List
- lists.opensuse.org/opensuse-security-announce/2010-03/msg00000.htmlnvdMailing List
- osvdb.org/60201nvdBroken Link
- secunia.com/advisories/37909nvdBroken Link
- secunia.com/advisories/38017nvdBroken Link
- secunia.com/advisories/38276nvdBroken Link
- secunia.com/advisories/38492nvdBroken Link
- secunia.com/advisories/38779nvdBroken Link
- www.openwall.com/lists/oss-security/2009/11/13/1nvdMailing List
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10310nvdBroken Link
- oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7540nvdBroken Link
News mentions
0No linked articles in our index yet.