SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not properly check commands sent to CD devices that have been opened read-only, which could allow local users to conduct unauthorized write activities to modify the firmware of associated SCSI devices.
Exploitability
AV:LAC:LAu:NImpact
C:NI:PA:N2.1/AV:L/AC:L/Au:N/C:N/I:P/A:N