CVE-2009-4895

Priority
Low
Description
Race condition in the tty_fasync function in drivers/char/tty_io.c in the
Linux kernel before 2.6.32.6 allows local users to cause a denial of
service (NULL pointer dereference and system crash) or possibly have
unspecified other impact via unknown vectors, related to the put_tty_queue
and __f_setown functions. NOTE: the vulnerability was addressed in a
different way in 2.6.32.9.
Ubuntu-Description
Al Viro discovered a race condition in the TTY driver. A local attacker
could exploit this to crash the system, leading to a denial of service.
References
Notes
sbeattie> first patch (703625118069f9f8) was reverted and the second
patch was used in 2.6.32.9, which fixes the issue "properly".
smb> IMO the races in tty became visible when the BLK was pushed down into
smb> the line disciplines and switch to unlocked ioctl in 2.6.26
smb> (04f378b198da233ca0aca341b113dc6579d46123), so Hardy and Dapper are not
smb> affected.
Assigned-to
smb
Package
Upstream: needs-triage
Ubuntu 8.04 LTS (Hardy Heron): DNE
Ubuntu 10.04 LTS (Lucid Lynx): released (2.6.31-608.22)
Ubuntu 11.04 (Natty Narwhal): DNE
Package
Upstream: needs-triage
Ubuntu 8.04 LTS (Hardy Heron): DNE
Ubuntu 10.04 LTS (Lucid Lynx): released (2.6.35-25.44~lucid1)
Ubuntu 11.04 (Natty Narwhal): DNE
Package
Upstream: not-affected
Ubuntu 8.04 LTS (Hardy Heron): DNE
Ubuntu 10.04 LTS (Lucid Lynx): DNE
Ubuntu 11.04 (Natty Narwhal): DNE
Package
Upstream: needs-triage
Ubuntu 8.04 LTS (Hardy Heron): DNE
Ubuntu 10.04 LTS (Lucid Lynx): released (2.6.32-309.18)
Ubuntu 11.04 (Natty Narwhal): DNE
Package
Source: linux (LP Ubuntu Debian)
Upstream: released (2.6.33-rc8, 2.6.32.9, 2.6.27.46)
Ubuntu 8.04 LTS (Hardy Heron): not-affected
Ubuntu 10.04 LTS (Lucid Lynx): not-affected (2.6.32-15.21)
Ubuntu 11.04 (Natty Narwhal): not-affected (2.6.35)
Patches:
upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=703625118069f9f8960d356676662d3db5a9d116
upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=80e1e823989ec44d8e35bdfddadbddcffec90424
Jaunty: http://chinstrap.ubuntu.com/~smb/CVEs/CVE-2009-4895/patches/jaunty/linux/0001-Fix-race-in-tty_fasync-properly.txt
Karmic: http://chinstrap.ubuntu.com/~smb/CVEs/CVE-2009-4895/patches/karmic/linux/0001-Fix-race-in-tty_fasync-properly.txt

Updated: 2012-06-01 15:20:31 UTC (commit 5347)