製品・ソフトウェアに関する情報

JVN脆弱性詳細

Linux kernel の ATI Rage 128 ドライバにおける権限昇格の脆弱性

Title	Linux kernel の ATI Rage 128 ドライバにおける権限昇格の脆弱性
Summary	Linux kernel の ATI Rage 128 (別名 r128) ドライバには、Concurrent Command Engine (CCE) のステートの初期化処理に不備があるため、サービス運用妨害 (DoS) 状態となる、または権限を取得される可能性があります。
Possible impacts	ローカルユーザにより、ioctl コールを介して、サービス運用妨害 (DoS) 状態にされる、または権限を取得される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Oct. 22, 2009, midnight
Registration Date	Feb. 1, 2010, 11:51 a.m.
Last Update	March 18, 2011, 3:30 p.m.

CVSS2.0 : 警告
Score	4.9
Vector	AV:L/AC:L/Au:N/C:N/I:N/A:C

Affected System

レッドハット

Red Hat Enterprise Linux 4 (as)

Red Hat Enterprise Linux 4 (es)

Red Hat Enterprise Linux 4 (ws)

Red Hat Enterprise Linux 4.8 (as)

Red Hat Enterprise Linux 4.8 (es)

Red Hat Enterprise Linux 5

Red Hat Enterprise Linux 5 (server)

Red Hat Enterprise Linux Desktop 4.0

Red Hat Enterprise Linux Desktop 5.0 (client)

Red Hat Enterprise Linux ELS 3

Red Hat Enterprise Linux EUS 5.4.z (server)

サイバートラスト株式会社

Asianux Server 3 (x86-64)

Asianux Server 3.0

Asianux Server 3.0 (x86-64)

Asianux Server 4.0

Asianux Server 4.0 (x86-64)

Asianux Server 3 (x86)

Linux

Linux Kernel 2.6.31-git11 未満

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2009-3620	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3620
National Vulnerability Database (NVD)
2	CVE-2009-3620	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3620

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-20	https://jvndb.jvn.jp/ja/cwe/CWE-20.html

ベンダー情報

No	Name	URL
Asianux Technical Support Network
1	kernel-2.6.18-128.14.AXS3	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=1005
Linux Kernel
2	ChangeLog-2.4.37.7	http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.37.7
3	patch-2.6.31-git11	http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.31-git11.log
MIRACLE LINUX アップデート情報
4	1992	http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=1992
5	2186	http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=2186
Red Hat Security Advisory
6	RHSA-2009:1540	https://rhn.redhat.com/errata/RHSA-2009-1540.html
7	RHSA-2009:1670	https://rhn.redhat.com/errata/RHSA-2009-1670.html
8	RHSA-2009:1671	https://rhn.redhat.com/errata/RHSA-2009-1671.html
9	RHSA-2010:0882	https://rhn.redhat.com/errata/RHSA-2010-0882.html
レッドハットセキュリティーアップデート
10	RHSA-2009:1670	https://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-1670J.html
11	RHSA-2009:1671	https://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-1671J.html

その他

No	Name	URL
Secunia Advisory
1	SA36707	http://secunia.com/advisories/36707
2	SA37296	http://secunia.com/advisories/37296
SecurityFocus
3	36824	http://www.securityfocus.com/bid/36824

Change Log

No	Changed Details	Date of change
0	[2010年02月01日] 掲載 [2010年04月02日] 影響を受けるシステム：ミラクル・リナックス (kernel-2.6.18-128.14.AXS3) の情報を追加ベンダ情報：ミラクル・リナックス (kernel-2.6.18-128.14.AXS3) を追加 [2010年12月03日] 影響を受けるシステム：レッドハット (RHSA-2010:0882) の情報を追加ベンダ情報：レッドハット (RHSA-2010:0882) を追加 [2011年03月18日] 影響を受けるシステム：ミラクル・リナックス (2186) の情報を追加ベンダ情報：ミラクル・リナックス (2186) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2009-3620

Summary	The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls.
Publication Date	Oct. 23, 2009, 1 a.m.
Registration Date	Jan. 29, 2021, 1:24 p.m.
Last Update	Feb. 9, 2024, 9:20 a.m.

Affected software configurations

Configuration1		or higher	or less	more than	less than
cpe:2.3:o:linux:linux_kernel::::::::					2.6.31.1

Configuration2		or higher	or less	more than	less than
cpe:2.3:o:fedoraproject:fedora:10:::::::*

Configuration3	or higher	or less	more than	less than
cpe:2.3:o:canonical:ubuntu_linux:9.04:::::::*
cpe:2.3:o:canonical:ubuntu_linux:8.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:9.10:::::::*
cpe:2.3:o:canonical:ubuntu_linux:8.04::::-:::
cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*

Configuration4		or higher	or less	more than	less than
cpe:2.3:a:redhat:mrg_realtime:1.0:::::::*

Configuration5	or higher	or less	more than	less than
cpe:2.3:o:opensuse:opensuse:11.0:::::::*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp2::::::
cpe:2.3:a:suse:linux_enterprise_debuginfo:10:sp2::::::
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp3::::::
cpe:2.3:a:suse:linux_enterprise_debuginfo:10:sp3::::::
cpe:2.3:o:suse:linux_enterprise_server:10:sp2:::-:::*
cpe:2.3:o:suse:linux_enterprise_server:10:sp3:::-:::*
cpe:2.3:o:suse:linux_enterprise_server:8:::::::*

Related information, measures and tools

No	URL	refsource	タグ
1	http://article.gmane.org/gmane.linux.kernel/892259	MLIST	Broken Link
2	http://www.openwall.com/lists/oss-security/2009/10/19/3	MLIST	Mailing List Patch
3	http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.31-git11.log	CONFIRM	Broken Link Patch
4	http://secunia.com/advisories/36707	SECUNIA	Broken Link Vendor Advisory
5	http://www.openwall.com/lists/oss-security/2009/10/19/1	MLIST	Mailing List Patch
6	https://bugzilla.redhat.com/show_bug.cgi?id=529597	CONFIRM	Issue Tracking
7	http://www.securityfocus.com/bid/36824	BID	Broken Link Third Party Advisory VDB Entry
8	https://rhn.redhat.com/errata/RHSA-2009-1540.html	REDHAT	Third Party Advisory
9	https://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html	FEDORA	Mailing List Release Notes
10	http://www.redhat.com/support/errata/RHSA-2009-1671.html	REDHAT	Broken Link
11	http://www.redhat.com/support/errata/RHSA-2009-1670.html	REDHAT	Broken Link
12	http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html	SUSE	Mailing List
13	http://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html	SUSE	Mailing List
14	http://secunia.com/advisories/37909	SECUNIA	Broken Link
15	http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html	SUSE	Mailing List
16	http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html	SUSE	Mailing List
17	http://www.ubuntu.com/usn/usn-864-1	UBUNTU	Third Party Advisory
18	http://secunia.com/advisories/38834	SECUNIA	Broken Link
19	http://secunia.com/advisories/38794	SECUNIA	Broken Link
20	http://www.vupen.com/english/advisories/2010/0528	VUPEN	Broken Link
21	http://lists.vmware.com/pipermail/security-announce/2010/000082.html	MLIST	Broken Link
22	http://www.mandriva.com/security/advisories?name=MDVSA-2010:088	MANDRIVA	Broken Link
23	http://www.mandriva.com/security/advisories?name=MDVSA-2010:198	MANDRIVA	Broken Link
24	http://www.redhat.com/support/errata/RHSA-2010-0882.html	REDHAT	Broken Link
25	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9891	OVAL	Broken Link
26	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6763	OVAL	Broken Link
27	http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7dc482dfeeeefcfd000d4271c4626937406756d7	MISC	Broken Link

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-476	NULL ポインタデリファレンス	https://cwe.mitre.org/data/definitions/476.html
2	CWE-908	初期化されていないリソースの使用	https://cwe.mitre.org/data/definitions/908.html

Configuration5	or higher	or less	more than	less than
cpe:2.3:o:opensuse:opensuse:11.0:::::::*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp2::::::
cpe:2.3:a:suse:linux_enterprise_debuginfo:10:sp2::::::
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp3::::::
cpe:2.3:a:suse:linux_enterprise_debuginfo:10:sp3::::::
cpe:2.3:o:suse:linux_enterprise_server:10:sp2:::-:::*
cpe:2.3:o:suse:linux_enterprise_server:10:sp3:::-:::*
cpe:2.3:o:suse:linux_enterprise_server:8:::::::*