CVE-2009-3620

HIGH

Linux Kernel < 2.6.31.1 - Use of Uninitialized Resource

Title source: rule

Description

The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls.

References (27)

... and 7 more

Scores

CVSS v3 7.8
EPSS 0.0007
EPSS Percentile 21.9%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE
CWE-476 CWE-908
Status draft

Affected Products (16)

linux/linux_kernel < 2.6.31.1
fedoraproject/fedora
canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
canonical/ubuntu_linux
redhat/mrg_realtime
suse/linux_enterprise_debuginfo
suse/linux_enterprise_debuginfo
opensuse/opensuse
suse/linux_enterprise_desktop
suse/linux_enterprise_desktop
suse/linux_enterprise_server
suse/linux_enterprise_server
... and 1 more

Timeline

Published Oct 22, 2009
Tracked Since Feb 18, 2026