drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified ioctl associated with receiving an ISO packet that contains zero in the payload-length field.
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00000.html
http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
http://patchwork.kernel.org/patch/66747/
https://bugzilla.redhat.com/show_bug.cgi?id=547236
http://secunia.com/advisories/38017
http://secunia.com/advisories/38276
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7376
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9527
https://rhn.redhat.com/errata/RHSA-2010-0046.html
https://rhn.redhat.com/errata/RHSA-2010-0095.html
http://support.avaya.com/css/P8/documents/100073666
http://www.debian.org/security/2010/dsa-2005
http://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.32-git9.log
Published: 2009-12-16
Base Score: 4.7
Vector: CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:C
Severity: Medium