Race condition in the tty_fasync function in drivers/char/tty_io.c in the
Linux kernel before 126.96.36.199 allows local users to cause a denial of
service (NULL pointer dereference and system crash) or possibly have
unspecified other impact via unknown vectors, related to the put_tty_queue
and __f_setown functions. NOTE: the vulnerability was addressed in a
different way in 188.8.131.52.
Al Viro discovered a race condition in the TTY driver. A local attacker
could exploit this to crash the system, leading to a denial of service.
sbeattie> first patch (703625118069f9f8) was reverted and the second
patch was used in 184.108.40.206, which fixes the issue "properly".
smb> IMO the races in tty became visible when the BLK was pushed down into
smb> the line disciplines and switch to unlocked ioctl in 2.6.26
smb> (04f378b198da233ca0aca341b113dc6579d46123), so Hardy and Dapper are not
(2.6.33-rc8, 220.127.116.11, 18.104.22.168)
Updated: 2015-07-29 20:37:28 UTC (commit 9756)