Bug 133109

Summary: input/serio local DOS
Product: Red Hat Enterprise Linux 2.1 Reporter: Josh Bressers <bressers>
Component: kernelAssignee: Jason Baron <jbaron>
Status: CLOSED DUPLICATE QA Contact: Brian Brock <bbrock>
Severity: medium Docs Contact:
Priority: medium    
Version: 2.1CC: knoel, riel
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: i386   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2006-02-21 19:05:45 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Josh Bressers 2004-09-21 18:42:55 UTC 
drivers/input/serio/serport.c can lead to kernel panic in serio code
followed by jbd's panic (probably due to random memory write, I don't
       now) and/or system lockup.

        Steps to exploit it:
        process 1:
            open() a tty device;
            TIOCSETD it to N_MOUSE;
            read() it. it will block.
        after that, process 2:
            open() the same device;
            TIOCSETD it to 0;
            TIOCSETD it to N_MOUSE; (not sure if it's necessary)
            kill() process 1;
Comment 1 Ernie Petrides 2004-09-22 02:26:13 UTC 

*** This bug has been marked as a duplicate of 131672 ***
Comment 2 Red Hat Bugzilla 2006-02-21 19:05:45 UTC 
Changed to 'CLOSED' state since 'RESOLVED' has been deprecated.