PT-2007-4902 · Netbsd Foundation · Netbsd
Published: 2007-09-17 · Updated: 2017-07-29 · CVE-2007-3654
CVSS v2.0: 2.1 (Low)
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
NetBSD versions 3.0 through 4.0 BETA2
NetBSD-current before 20070728
Description
The issue allows local users to cause a denial of service in the form of a system panic. The panic is triggered by passing a negative or large value in an ioctl call, such as the one used by the vga_allocattr function.
Recommendations
For NetBSD versions 3.0 through 4.0 BETA2, consider upgrading to a version after 4.0 BETA2 to resolve the issue.
For NetBSD-current before 20070728, update to a version after 20070728 to fix the problem.
As a temporary workaround, consider restricting access to the ioctl call to minimize the risk of exploitation.
Affected Products
Netbsd