| Summary: | Kernel: firewire: ohci: handle receive packets with a data length of zero (CVE-2009-4138) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Bjoern Tropf (RETIRED) <asym> |
| Component: | Kernel | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | normal | ||
| Priority: | High | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8c0c0cc2d9f4c523fde04bdfe41e4380dec8ee54 | ||
| Whiteboard: | [linux <2.6.27.42] [linux >=2.6.28 <2.6.31.9] | ||
| Package list: | Runtime testing required: | --- | |
|
Description
Bjoern Tropf (RETIRED)
2009-12-15 15:25:14 UTC
CVE-2009-4138 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-4138): drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet that contains zero in the payload-length field. |
