CVE-2009-4895

Priority
Description
Race condition in the tty_fasync function in drivers/char/tty_io.c in the
Linux kernel before 2.6.32.6 allows local users to cause a denial of
service (NULL pointer dereference and system crash) or possibly have
unspecified other impact via unknown vectors, related to the put_tty_queue
and __f_setown functions. NOTE: the vulnerability was addressed in a
different way in 2.6.32.9.
Ubuntu-Description
Al Viro discovered a race condition in the TTY driver. A local attacker
could exploit this to crash the system, leading to a denial of service.
Assigned-to
smb
Notes
sbeattiefirst patch (703625118069f9f8) was reverted and the second
patch was used in 2.6.32.9, which fixes the issue "properly".
smbIMO the races in tty became visible when the BLK was pushed down into
the line disciplines and switch to unlocked ioctl in 2.6.26
(04f378b198da233ca0aca341b113dc6579d46123), so Hardy and Dapper are not
affected.
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:not-affected
More Information

Updated: 2020-01-29 19:37:25 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)