CVSS3: 4.7 Medium (CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H)

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | HIGH |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

CVSS2: 4.7 Medium (AV:L/AC:M/Au:N/C:N/I:N/A:C)

Metric | Value |
---|---|
Access Vector | LOCAL |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | COMPLETE |

EPSS: 0.0004 Low (Percentile: 5.3%)

Race condition in the tty_fasync function in drivers/char/tty_io.c in the
Linux kernel before 2.6.32.6 allows local users to cause a denial of
service (NULL pointer dereference and system crash) or possibly have
unspecified other impact via unknown vectors, related to the put_tty_queue
and __f_setown functions. NOTE: the vulnerability was addressed in a
different way in 2.6.32.9.
Author | Note |
---|---|
sbeattie | first patch (703625118069f9f8) was reverted and the second patch was used in 2.6.32.9, which fixes the issue “properly”. |
smb | IMO the races in tty became visible when the BLK was pushed down into the line disciplines and switch to unlocked ioctl in 2.6.26 (04f378b198da233ca0aca341b113dc6579d46123), so Hardy and Dapper are not affected. |
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 9.04 | noarch | linux | < 2.6.28-19.66 | UNKNOWN |
ubuntu | 9.10 | noarch | linux | < 2.6.31-22.67 | UNKNOWN |
ubuntu | 9.10 | noarch | linux-ec2 | < 2.6.31-307.21 | UNKNOWN |
ubuntu | 10.04 | noarch | linux-ec2 | < 2.6.32-309.18 | UNKNOWN |
ubuntu | 9.10 | noarch | linux-fsl-imx51 | < 2.6.31-112.30 | UNKNOWN |
ubuntu | 10.04 | noarch | linux-fsl-imx51 | < 2.6.31-608.22 | UNKNOWN |
ubuntu | 10.04 | noarch | linux-lts-backport-maverick | < 2.6.35-25.44~lucid1 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2009-4895
nvd.nist.gov/vuln/detail/CVE-2009-4895
security-tracker.debian.org/tracker/CVE-2009-4895
ubuntu.com/security/notices/USN-1000-1
ubuntu.com/security/notices/USN-1074-1
ubuntu.com/security/notices/USN-1074-2
ubuntu.com/security/notices/USN-1083-1
www.cve.org/CVERecord?id=CVE-2009-4895