VULHUB ™

A potential denial of service vulnerability exists in the NetBSD kernel. The problem is the result of input validation errors in the ioctl(9) routines provided by several drivers included in the kernel. It is likely that the ioctl routine fails to properly check a user-supplied value used to allocate kernel memory or copy data from user memory. This might be accomplished by passing a large numeric value to the function and causing a signed integer overflow. If exploited, it may be possible for a local user to cause a kernel panic, requiring the machine to be reset. Additional technical details are forthcoming.

A potential denial of service vulnerability exists in the NetBSD kernel. The problem is the result of input validation errors in the ioctl(9) routines provided by several drivers included in the kernel. It is likely that the ioctl routine fails to properly check a user-supplied value used to allocate kernel memory or copy data from user memory. This might be accomplished by passing a large numeric value to the function and causing a signed integer overflow. If exploited, it may be possible for a local user to cause a kernel panic, requiring the machine to be reset. Additional technical details are forthcoming.