Race condition in the tty_fasync function in drivers/char/tty_io.c in the
Linux kernel before 18.104.22.168 allows local users to cause a denial of
service (NULL pointer dereference and system crash) or possibly have
unspecified other impact via unknown vectors, related to the put_tty_queue
and __f_setown functions. NOTE: the vulnerability was addressed in a
different way in 22.214.171.124.
Al Viro discovered a race condition in the TTY driver. A local attacker
could exploit this to crash the system, leading to a denial of service.
sbeattie> first patch (703625118069f9f8) was reverted and the second
patch was used in 126.96.36.199, which fixes the issue "properly".
smb> IMO the races in tty became visible when the BLK was pushed down into
smb> the line disciplines and switch to unlocked ioctl in 2.6.26
smb> (04f378b198da233ca0aca341b113dc6579d46123), so Hardy and Dapper are not
(2.6.33-rc8, 188.8.131.52, 184.108.40.206)
Updated: 2016-03-23 03:35:27 UTC (commit 10817)