|Bugzilla:||526068: CVE-2009-3889 CVE-2009-3939 kernel: megaraid_sas permissions in sysfs|
The MITRE CVE dictionary describes this issue as:
The poll_mode_io file for the megaraid_sas driver in the Linux kernel 220.127.116.11 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file.
This issue did not affect the version of the Linux kernel as shipped with Red Hat Enterprise Linux 3, as it does not implement the sysfs file system ("/sys/"), through which poll_mode_io file is exposed by the megaraid_sas driver.
Issue was addressed in Red Hat Enterprise Linux 4, 5 and Red Hat Enterprise MRG via https://rhn.redhat.com/errata/RHSA-2010-0076.html , https://rhn.redhat.com/errata/RHSA-2010-0046.html and https://rhn.redhat.com/errata/RHSA-2009-1635.html respectively.
CVSS v2 metrics
Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).
Red Hat security errata
|MRG Grid for RHEL 5 Server (kernel-rt)||RHSA-2009:1635||December 03, 2009|
|Red Hat Enterprise Linux version 4 (kernel)||RHSA-2010:0076||February 02, 2010|
|Red Hat Enterprise Linux version 5 (kernel)||RHSA-2010:0046||January 19, 2010|
This page is generated automatically and has not been checked for errors or omissions.
For clarification or corrections please contact the Red Hat Security Response Team.