Pierre Pronchery

**Name of the Vulnerable Software and Affected Versions** NetBSD versions 4.0 through 5.0 NetBSD-current before 2010-01-21 **Description** The issue allows local users to cause a denial of service, resulting in a kernel panic. This is achieved by passing a negative mixer index number to either the azalia query devinfo function in the azalia audio driver or the hdaudio afg query devinfo function in the hdaudio audio driver. **Recommendations** For NetBSD versions 4.0 through 5.0, consider updating to a version released after 2010-01-21 to resolve the issue. For NetBSD-current before 2010-01-21, update to a version released after 2010-01-21 to resolve the issue. As a temporary workaround, consider restricting access to the azalia query devinfo function and the hdaudio afg query devinfo function to minimize the risk of exploitation.