297045 – (CVE-2009-4138) Kernel: firewire: ohci: handle receive packets with a data length of zero (CVE-2009-4138)

Bug 297045 (CVE-2009-4138) - Kernel: firewire: ohci: handle receive packets with a data length of zero (CVE-2009-4138)

Summary: Kernel: firewire: ohci: handle receive packets with a data length of zero (CV...

Status:	RESOLVED FIXED

Alias:	CVE-2009-4138

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://git.kernel.org/?p=linux/kernel...
Whiteboard:	[linux <2.6.27.42] [linux >=2.6.28 <2...
Keywords:

Depends on:
Blocks:

Reported:	2009-12-15 15:25 UTC by Bjoern Tropf (RETIRED)
Modified:	2013-09-15 18:47 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Bjoern Tropf (RETIRED) gentoo-dev

2009-12-15 15:25:14 UTC

Cve pending...

Comment 1 Stefan Behte (RETIRED) gentoo-dev

2009-12-18 02:22:39 UTC

CVE-2009-4138 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4138):
  drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when
  packet-per-buffer mode is used, allows local users to cause a denial
  of service (NULL pointer dereference and system crash) or possibly
  have unknown other impact via an unspecified ioctl associated with
  receiving an ISO packet that contains zero in the payload-length
  field.