CVE-2009-3889 — Vulnetix

Try Vulnetix Request Demo

CVE-2009-3889 PUBLISHED CVSS 6.599999904632568 MEDIUM

The dbg_lvl file for the megaraid_sas driver in the Linux kernel before 2.6.27 has world-writable permissions, which allows local users to change the (1) behavior and (2) logging level of the driver by modifying this file.

EPSS 0.09% · 25.6th percentile

Risk Scores

CVSS v2.0

6.599999904632568

EPSS Score

0.09%

25.6th percentile

Affected Products

Vendor	Product	Versions
linux	linux_kernel	2.6.25, 0, 2.6.0
n/a	n/a	n/a

Timeline

Nov 16, 2009 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score

References

SUSE-SA:2009:061 vendor-advisory
USN-864-1 vendor-advisory
https://bugzilla.redhat.com/show_bug.cgi?id=526068 url
[oss-security] 20091113 Re: CVE request: kernel: bad permissions on megaraid_sas sysfs files mailing-list
37019 vdb
http://support.avaya.com/css/P8/documents/100073666 url
37909 third-party-advisory
60202 vdb
oval:org.mitre.oval:def:11018 vdb
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=66dca9b8c50b5e59d3bea8b21cee5c6dae6c9c46 url
SUSE-SA:2009:064 vendor-advisory
[oss-security] 20091113 CVE request: kernel: bad permissions on megaraid_sas sysfs files mailing-list
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27 url
SUSE-SA:2010:013 vendor-advisory
RHSA-2010:0095 vendor-advisory
oval:org.mitre.oval:def:7163 vdb
RHSA-2010:0046 vendor-advisory
DSA-2005 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2009-3889 advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=66dca9b8c50b5e59d3bea8b21cee5c6dae6c9c46 url

Open in Interactive Console →