FreeBSD -- Devfs / VFS NULL pointer race condition

Affected packages
6.3 <= FreeBSD < 6.3_13
6.4 <= FreeBSD < 6.4_7
7.1 <= FreeBSD < 7.1_8
7.2 <= FreeBSD < 7.2_4


VuXML ID 50383bde-b25b-11de-8c83-02e0185f8d72
Discovery 2009-10-02
Entry 2009-10-06
Modified 2016-08-09

Problem Description:

Due to the interaction between devfs and VFS, a race condition exists where the kernel might dereference a NULL pointer.


Successful exploitation of the race condition can lead to local kernel privilege escalation, kernel data corruption and/or crash.

To exploit this vulnerability, an attacker must be able to run code with user privileges on the target system.


An errata note, FreeBSD-EN-09:05.null, has been released simultaneously with this advisory and contains a kernel patch implementing a workaround for a broader class of vulnerabilities. However, prior to those changes, no workaround is available.


FreeBSD Advisory SA-09:14.devfs
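
The affected ranges listed above can be checked against a host's running kernel. The following is an added example, not part of the advisory or of any FreeBSD tool; the function name `sa0914_status` is hypothetical, and it assumes that a VuXML version `X.Y_N` corresponds to the `uname -r` string `X.Y-RELEASE-pN`.

```shell
#!/bin/sh
# Added example: classify a FreeBSD kernel release string against the
# affected ranges in this entry (SA-09:14.devfs).
# Assumption: VuXML "X.Y_N" corresponds to "X.Y-RELEASE-pN" from `uname -r`.

# sa0914_status RELEASE_STRING
# Prints one of: affected | patched | not-listed | unknown
sa0914_status() {
    rel=$1
    case $rel in
        *-RELEASE-p*) branch=${rel%%-*}; plevel=${rel##*-p} ;;
        *-RELEASE)    branch=${rel%%-*}; plevel=0 ;;   # no -pN suffix: patch level 0
        *)            echo unknown; return 0 ;;        # -STABLE, -CURRENT, -RC, ...
    esac

    # The patch level must be a plain non-negative integer.
    case $plevel in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac

    # First fixed patch level per branch, taken from "Affected packages".
    case $branch in
        6.3) fixed=13 ;;
        6.4) fixed=7 ;;
        7.1) fixed=8 ;;
        7.2) fixed=4 ;;
        *)   echo not-listed; return 0 ;;              # branch not covered by this entry
    esac

    if [ "$plevel" -lt "$fixed" ]; then
        echo affected
    else
        echo patched
    fi
}

# Check the running kernel when invoked as: sh script.sh --host
if [ "${1:-}" = "--host" ]; then
    sa0914_status "$(uname -r)"
fi
```

A result of `unknown` (for example on a -STABLE kernel) means the release string alone cannot decide, and the kernel source date has to be compared with the advisory's correction dates instead.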