Date: Tue, 15 Dec 2009 09:50:31 +0800 From: Eugene Teo <eugene@...hat.com> To: oss-security@...ts.openwall.com CC: "Steven M. Christey" <coley@...us.mitre.org> Subject: CVE-2009-4138 kernel: firewire: ohci: handle receive packets with a data length of zero Anyone who can open any of the /dev/fw* files on recent version of the new firewire stack can trigger a NULL pointer dereference with ohci 1.0 controllers (or ohci 1.1 controllers that are being used in ohci 1.0 mode because of hardware bugs) by issuing certain ioctls. On machines with non-blacklisted ohci1.1 controllers, the call does nothing, which is a bug. https://bugzilla.redhat.com/CVE-2009-4138 http://patchwork.kernel.org/patch/66747/ Thanks, Eugene -- Eugene Teo / Red Hat Security Response Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ