Upstream information
Description
Race condition in the tty_fasync function in drivers/char/tty_io.c in the Linux kernel before 2.6.32.6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impact via unknown vectors, related to the put_tty_queue and __f_setown functions. NOTE: the vulnerability was addressed in a different way in 2.6.32.9.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
| National Vulnerability Database | |
|---|---|
| Base Score | 4.7 |
| Vector | AV:L/AC:M/Au:N/C:N/I:N/A:C |
| Access Vector | Local |
| Access Complexity | Medium |
| Authentication | None |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | Complete |
| National Vulnerability Database | |
|---|---|
| Base Score | 4.7 |
| Vector | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H |
| Attack Vector | Local |
| Attack Complexity | High |
| Privileges Required | Low |
| User Interaction | None |
| Scope | Unchanged |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | High |
| CVSSv3 Version | 3.1 |
Note from the SUSE Security Team
Only kernels newer than 2.6.17 were affected. SUSE Linux Enterprise 11 SP1 was fixed before shipment (with the 2.6.32.9 kernel), SUSE Linux Enterprise 11 GA, openSUSE 11.1 and 11.2 are affected. Updates will be published for this issue. SUSE Bugzilla entry: 614266 [RESOLVED / FIXED] No SUSE Security Announcements cross referenced.SUSE Timeline for this CVE
CVE page created: Tue Jul 9 17:37:44 2013CVE page last modified: Sat Sep 14 11:13:04 2024