CVE-2009-4138 Information

Description

drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9 when packet-per-buffer mode is used allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet that contains zero in the payload-length field.

Reference

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=8c0c0cc2d9f4c523fde04bdfe41e4380dec8ee54 http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html http://patchwork.kernel.org/patch/66747/ http://secunia.com/advisories/38017 http://secunia.com/advisories/38276 http://support.avaya.com/css/P8/documents/100073666 http://www.debian.org/security/2010/dsa-2005 http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.32-git9.log http://www.openwall.com/lists/oss-security/2009/12/15/1 http://www.securityfocus.com/bid/37339 https://bugzilla.redhat.com/show_bug.cgi?id=547236 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A7376 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A9527 https://rhn.redhat.com/errata/RHSA-2010-0046.html https://rhn.redhat.com/errata/RHSA-2010-0095.html