PT-2010-2318 · Netbsd · Netbsd
Pierre Pronchery · Published 2010-02-08 · Updated 2010-02-09 · CVE-2010-0561
CVSS v2.0: 4.9 (Medium)
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
NetBSD versions 4.0 through 5.0
NetBSD-current before 2010-01-21
Description
The issue allows local users to cause a denial of service (kernel panic) by passing a negative mixer index number to either the azalia_query_devinfo function in the azalia audio driver or the hdaudio_afg_query_devinfo function in the hdaudio audio driver.
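The missing validation described above, shown as an added example that is not NetBSD driver code: a query function that indexes a mixer table with a signed index. The structure and function names, the upper-bound-only check standing in for the flawed validation, and the ENXIO return value are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>

/* Simplified stand-ins (assumptions), not the NetBSD structures. */
struct mixer_devinfo_model { int index; char label[16]; };
struct mixer_item { char label[16]; };

/* Constructed sample table. */
static const struct mixer_item mixers[] = {
    { "master" }, { "headphones" }, { "mic" }
};
#define NMIXERS ((int)(sizeof(mixers) / sizeof(mixers[0])))

/* Flawed pattern: only the upper bound is tested, so a negative
 * signed index is accepted and would address memory before the table. */
static int index_ok_upper_only(int index, int n)
{
    return index < n;
}

/* Corrected pattern: both bounds are tested. */
static int index_ok(int index, int n)
{
    return index >= 0 && index < n;
}

/* Query handler that validates the caller-supplied index before
 * the table is touched; out-of-range requests get ENXIO. */
static int query_devinfo_checked(struct mixer_devinfo_model *mdev)
{
    if (!index_ok(mdev->index, NMIXERS))
        return ENXIO;
    snprintf(mdev->label, sizeof(mdev->label), "%s",
        mixers[mdev->index].label);
    return 0;
}

int main(void)
{
    int samples[] = { -1, 0, 2, 3 };   /* constructed inputs */
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        struct mixer_devinfo_model m = { .index = samples[i] };
        int rc = query_devinfo_checked(&m);
        printf("index %2d: upper-only check %s, handler rc=%d label=\"%s\"\n",
            samples[i],
            index_ok_upper_only(samples[i], NMIXERS) ? "accepts" : "rejects",
            rc, m.label);
    }
    return 0;
}
```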
Recommendations
For NetBSD versions 4.0 through 5.0, consider updating to a version released after 2010-01-21 to resolve the issue.
For NetBSD-current before 2010-01-21, update to a version released after 2010-01-21 to resolve the issue.
As a temporary workaround, consider restricting access to the azalia_query_devinfo function and the hdaudio_afg_query_devinfo function to minimize the risk of exploitation.
Affected Products
Netbsd