CVE-2009-3939
moderate-risk
Published 2009-11-16
The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file.
Do I need to act?
-
0.04% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.1/10
High
LOCAL
/ LOW complexity
Affected Products (20)
Aura Application Enablement Services
Aura Session Manager
Aura Session Manager
Aura Sip Enablement Services
Aura System Manager
Aura System Manager
Aura System Platform
References (46)
Broken Link
http://osvdb.org/60201
Broken Link
http://secunia.com/advisories/37909
Broken Link
http://secunia.com/advisories/38017
Broken Link
http://secunia.com/advisories/38276
Broken Link
http://secunia.com/advisories/38492
Broken Link
http://secunia.com/advisories/38779
Third Party Advisory
http://support.avaya.com/css/P8/documents/100073666
Third Party Advisory
http://www.debian.org/security/2010/dsa-1996
Broken Link
http://www.securityfocus.com/bid/37019
Third Party Advisory
http://www.ubuntu.com/usn/usn-864-1
and 26 more references
44
/ 100
moderate-risk
Severity
22/34 · High
Exploitability
0/34 · Minimal
Exposure
22/34 · High