CVE-2009-4138

drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet that contains zero in the payload-length field.

References

http://www.securityfocus.com/bid/37339

http://secunia.com/advisories/38276

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7376

http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html

http://support.avaya.com/css/P8/documents/100073666

http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html

https://bugzilla.redhat.com/show_bug.cgi?id=547236

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9527

http://patchwork.kernel.org/patch/66747/

http://www.openwall.com/lists/oss-security/2009/12/15/1

http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.32-git9.log

https://rhn.redhat.com/errata/RHSA-2010-0095.html

http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html

https://rhn.redhat.com/errata/RHSA-2010-0046.html

http://www.debian.org/security/2010/dsa-2005

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=8c0c0cc2d9f4c523fde04bdfe41e4380dec8ee54

http://secunia.com/advisories/38017