CVE-2009-4138

Name: CVE-2009-4138
Description: drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet that contains zero in the payload-length field.
Source: CVE (at NVD; LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DSA-2005-1
NVD severity: medium (attack range: local)

The information below is based on the following data on fixed versions.

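| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| linux-2.6 | source | (unstable) | 2.6.32-3 | medium | | |
| linux-2.6 | source | etch | (not affected) | | | |
| linux-2.6 | source | lenny | 2.6.26-21 | medium | | |
| linux-2.6.24 | source | (unstable) | (unfixed) | medium | | |
| linux-2.6.24 | source | etch | 2.6.24-6~etchnhalf.9etch3 | medium | DSA-2005-1 | |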

Notes

[etch] - linux-2.6 <not-affected> (ohci introduced in 2.6.22)
