Incorrect permission assignment for critical resource in Linux kernel - CVE-2009-3939

 


Published: June 20, 2024


Vulnerability identifier: #VU92835
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2009-3939
CWE-ID: CWE-732
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a local user to damage or delete data.

The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file.


How to mitigate CVE-2009-3939

Install the update from the vendor's repository.
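The following check is an added example, not part of the original advisory or any vendor tooling. It audits a host for the world-writable `poll_mode_io` attribute described above, before or after updating. It assumes sysfs is mounted at `/sys` and locates the attribute by name; the function names and the sample directory layout are constructed for illustration.

```shell
#!/bin/sh
# Added example (not vendor code): audit the permission bits of the
# megaraid_sas poll_mode_io sysfs attribute described in CVE-2009-3939.
# Assumption: sysfs is mounted at /sys; the attribute is located by name.

# audit_poll_mode_io [ROOT]
# Prints "WORLD-WRITABLE <path>" or "ok <path>" for each poll_mode_io found.
# Returns 0 = present, not world-writable; 1 = world-writable; 2 = not present.
audit_poll_mode_io() {
    root=${1:-/sys}
    rc=2
    list=$(find "$root" -name poll_mode_io -type f 2>/dev/null) || true
    while IFS= read -r f; do
        if [ -z "$f" ]; then continue; fi
        if [ "$rc" -eq 2 ]; then rc=0; fi
        # -perm -0002 matches when the "other write" bit is set.
        if [ -n "$(find "$f" -perm -0002 2>/dev/null)" ]; then
            echo "WORLD-WRITABLE $f"
            rc=1
        else
            echo "ok $f"
        fi
    done <<EOF
$list
EOF
    return "$rc"
}

# make_sample_tree MODE: build a constructed stand-in for the sysfs tree
# holding one poll_mode_io file with the given mode; prints its root.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/bus/pci/drivers/megaraid_sas"
    : > "$t/bus/pci/drivers/megaraid_sas/poll_mode_io"
    chmod "$1" "$t/bus/pci/drivers/megaraid_sas/poll_mode_io"
    echo "$t"
}

# Demonstration on constructed trees: 0666 is the flawed world-writable
# mode, 0644 is a mode where only the owner may write.
for mode in 0666 0644; do
    tree=$(make_sample_tree "$mode")
    audit_poll_mode_io "$tree" || true
    rm -rf "$tree"
done
```

On a real host, call `audit_poll_mode_io /sys`; a return value of 2 means the attribute is not present, for example because the driver is not loaded.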
