'[oss-security] CVE-2009-4138 kernel: firewire: ohci: handle receive packets with'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE-2009-4138 kernel: firewire: ohci: handle receive packets with
From:       Eugene Teo <eugene () redhat ! com>
Date:       2009-12-15 1:50:31
Message-ID: 4B26EB67.3010806 () redhat ! com
[Download RAW message or body]

Anyone who can open any of the /dev/fw* files on recent version of the 
new firewire stack can trigger a NULL pointer dereference with ohci 1.0 
controllers (or ohci 1.1 controllers that are being used in ohci 1.0 
mode because of hardware bugs) by issuing certain ioctls.

On machines with non-blacklisted ohci1.1 controllers, the call does 
nothing, which is a bug.

https://bugzilla.redhat.com/CVE-2009-4138
http://patchwork.kernel.org/patch/66747/

Thanks, Eugene
-- 
Eugene Teo / Red Hat Security Response Team
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic