The ISO9660 filesystem handling code of the Linux 2.6.x kernel fails to properly handle corrupted data structures, leading to an exploitable denial of service condition. This particular vulnerability seems to be caused by a race condition and a signedness issue. When performing a read operation on a corrupted ISO9660 fs stream, the isofs_get_blocks() function will enter an infinite loop when the __find_get_block_slow() callback from sb_getblk() fails ("due to various races between file io on the block device and getblk").
Created attachment 104638: patch
*** Bug 158789 has been marked as a duplicate of this bug. ***
Fixed in genpatches-2.6.18-8 (gentoo-sources-2.6.18-r6)
*** This bug has been marked as a duplicate of 155769 ***