CVE-2009-4138

Sažetak

drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet that contains zero in the payload-length field.

Reference

http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.32-git9.log
http://patchwork.kernel.org/patch/66747/
https://bugzilla.redhat.com/show_bug.cgi?id=547236
http://www.securityfocus.com/bid/37339
http://www.openwall.com/lists/oss-security/2009/12/15/1
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html
http://secunia.com/advisories/38017
https://rhn.redhat.com/errata/RHSA-2010-0046.html
https://rhn.redhat.com/errata/RHSA-2010-0095.html
http://support.avaya.com/css/P8/documents/100073666
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
http://secunia.com/advisories/38276
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html
http://www.debian.org/security/2010/dsa-2005
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9527
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7376
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8c0c0cc2d9f4c523fde04bdfe41e4380dec8ee54

CVSS

Base:	4.7
Impact:	6.9
Exploitability:	3.4

Pristup

Vektor	Složenost	Autentikacija
LOCAL	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	COMPLETE

CVSS vektor

AV:L/AC:M/Au:N/C:N/I:N/A:C

Zadnje važnije ažuriranje

13-02-2023 - 02:20

Objavljeno

16-12-2009 - 19:30