CVE-2009-4895

Published: 08 September 2010

Race condition in the tty_fasync function in drivers/char/tty_io.c in the Linux kernel before 2.6.32.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via unknown vectors, related to the put_tty_queue and __f_setown functions. NOTE: the vulnerability was addressed in a different way in 2.6.32.9.

From the Ubuntu security team

Al Viro discovered a race condition in the TTY driver. A local attacker could exploit this to crash the system, leading to a denial of service.

Priority

Low

Notes

Author: sbeattie
Note: first patch (703625118069f9f8) was reverted and the second patch was used in 2.6.32.9, which fixes the issue "properly".

Author: smb
Note: IMO the races in tty became visible when the BLK was pushed down into the line disciplines and switch to unlocked ioctl in 2.6.26 (04f378b198da233ca0aca341b113dc6579d46123), so Hardy and Dapper are not affected.

References