CVE-2009-2649

Name of the Vulnerable Software and Affected Versions FreeBSD versions 6.0 through 8.0

Description The issue allows local users to cause a denial of service, resulting in a kernel panic, by sending a certain IOCTL request with a large count to the IATA (ata) driver when read access to /dev is available. This triggers a malloc call with a large value.

Recommendations For FreeBSD versions 6.0 through 8.0, consider restricting access to the /dev directory to minimize the risk of exploitation. As a temporary workaround, limit the use of the IATA (ata) driver until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.