CVE-2009-1238

Name of the Vulnerable Software and Affected Versions XNU versions 1228.8.20 and earlier Mac OS X versions 10.5.6 and earlier

Description A race condition exists in the HFS vfs sysctl interface, allowing local users to cause a denial of service by executing the same HFS SET PKG EXTENSIONS code path in multiple threads simultaneously. This issue arises due to the lack of mutex locking for a global variable.

Recommendations For XNU versions 1228.8.20 and earlier, consider applying a patch to implement mutex locking for the global variable to prevent simultaneous access. For Mac OS X versions 10.5.6 and earlier, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.