Protecting against kernel NULL-pointer derefs
Przemyslaw Frasunek
przemyslaw at frasunek.com
Tue Sep 15 15:52:10 UTC 2009
Dag-Erling Smørgrav:
> A search of FreeBSD security advisories shows two in the last four
> years, plus the current unreleased issue.
There are three NULL pointer dereference issues, that I found in last
month, but probably more to come, so implementing some kind of zero page
protection should be considered.
The first one affects 6.1 and it was made public in August:
http://www.frasunek.com/kqueue.txt
Another one affects 6.4 and is currently handled by secteam. Advisory
will be released on Wednesday.
The last one, as demonstrated on http://www.vimeo.com/6580991 affects
7.x up to 7.2 and 6.x up to 6.4. I'm not going to disclose any details
before official security advisory.
More information about the freebsd-security
mailing list