CVE-2009-4895 (retired)

Priority
Description
Race condition in the tty_fasync function in drivers/char/tty_io.c in the
Linux kernel before 2.6.32.6 allows local users to cause a denial of
service (NULL pointer dereference and system crash) or possibly have
unspecified other impact via unknown vectors, related to the put_tty_queue
and __f_setown functions. NOTE: the vulnerability was addressed in a
different way in 2.6.32.9.
Ubuntu-Description
Al Viro discovered a race condition in the TTY driver. A local attacker
could exploit this to crash the system, leading to a denial of service.
Notes
 sbeattie> first patch (703625118069f9f8) was reverted and the second
  patch was used in 2.6.32.9, which fixes the issue "properly".
  smb> IMO the races in tty became visible when the BLK was pushed down into
  smb> the line disciplines and switch to unlocked ioctl in 2.6.26
  smb> (04f378b198da233ca0aca341b113dc6579d46123), so Hardy and Dapper are not
  smb> affected.
Assigned-to
smb
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:not-affected
More Information

Updated: 2019-03-26 11:50:02 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)