FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Devfs / VFS NULL pointer race condition

Affected systems
6.3 < FreeBSD < 6.3_13
6.4 < FreeBSD < 6.4_7
7.1 < FreeBSD < 7.1_8
7.2 < FreeBSD < 7.2_4

Details

VuXML ID 50383bde-b25b-11de-8c83-02e0185f8d72
Discovery 2009-10-02
Entry 2009-10-06

Problem Description:

Due to the interaction between devfs and VFS, a race condition exists where the kernel might dereference a NULL pointer.

Impact:

Successful exploitation of the race condition can lead to local kernel privilege escalation, kernel data corruption and/or crash.

To exploit this vulnerability, an attacker must be able to run code with user privileges on the target system.

Workaround:

An errata note, FreeBSD-EN-09:05.null has been released simultaneously to this advisory, and contains a kernel patch implementing a workaround for a more broad class of vulnerabilities. However, prior to those changes, no workaround is available.

References

FreeBSD Advisory SA-09:14.devfs