Red Hat Bugzilla – Bug 133110
CAN-2004-0814 input/serio local DOS
Last modified: 2013-08-05 21:08:07 EDT
drivers/input/serio/serport.c can lead to kernel panic in serio code
followed by jbd's panic (probably due to random memory write, I don't
know) and/or system lockup.
Steps to exploit it:
open() a tty device;
TIOCSETD it to N_MOUSE;
read() it. It will block.
After that, process 2:
open() the same device;
TIOCSETD it to 0;
TIOCSETD it to N_MOUSE; (not sure if it's necessary)
kill() process 1;
This is a dup of bug 131672, but I'll leave this open since
it's for Derry (as opposed to Pensacola).
For reference the fix that got committed upstream into 2.4.29:
Jim - Update with information regarding U7 target.
This is a dup of 131672, which is assigned to jbaron. Neither of these is
likely to make U7.
The fix has been deemed too invasive for a RHEL2.1 update at this time. Closing