282005 – (CVE-2009-2849) Kernel: md driver NULL ptr deref DoS (CVE-2009-2849)

Bug 282005 (CVE-2009-2849) - Kernel: md driver NULL ptr deref DoS (CVE-2009-2849)

Summary: Kernel: md driver NULL ptr deref DoS (CVE-2009-2849)

Status:	RESOLVED FIXED

Alias:	CVE-2009-2849

Product:	Gentoo Security
Classification:	Unclassified
Component:	Kernel (show other bugs)
Hardware:	All Linux

Importance:	High normal
Assignee:	Gentoo Security

URL:	http://git.kernel.org/?p=linux/kernel...
Whiteboard:	[linux <2.6.30.2] [gp <2.6.30-5]
Keywords:

Depends on:
Blocks:

Reported:	2009-08-19 09:37 UTC by Alex Legler (RETIRED)
Modified:	2013-09-15 18:42 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Alex Legler (RETIRED) archtester

2009-08-19 09:37:09 UTC

CVE-2009-2849 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2849):
  The md driver (drivers/md/md.c) in the Linux kernel before 2.6.30.2
  might allow local users to cause a denial of service (NULL pointer
  dereference) via vectors related to "suspend_* sysfs attributes" and
  the (1) suspend_lo_store or (2) suspend_hi_store functions.  NOTE:
  this is only a vulnerability when sysfs is writable by an attacker.