The asynchronous I/O facility in the 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID.
Multiple BSD Kernel Asynchronous I/O Facility Notification DoS
Local Access Required
Denial of Service, Loss of Integrity, Loss of Availability
Certain BSD-derived kernels contain a flaw that may allow a local denial of service. The issue is triggered when a malicious local user uses certain ioctl and fcntl system calls to have signals sent to arbitrary processes, interrupting or killing them, which results in loss of availability for the service or platform.
Upgrade to OpenBSD version 2.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
For all others, there are no known upgrades, patches, or workarounds available to correct this issue.
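
The missing check described above, modelled in user-space C as an added example (not code from any BSD kernel or from this advisory): the unchecked setter records any process ID as the notification recipient, while the hardened one first applies the same permission rule kill(2) uses. The structures, function names and process table are constructed for illustration, and the model covers single process IDs only.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>

/* Constructed stand-ins for kernel structures; every name here is hypothetical. */
struct cred { uid_t ruid, euid, svuid; };
struct proc { pid_t pid; struct cred cred; };

/* Constructed process table: init (root), the caller, another user's daemon. */
static const struct proc procs[] = {
    { 1, { 0, 0, 0 } }, { 200, { 1000, 1000, 1000 } }, { 300, { 1001, 1001, 1001 } },
};

static const struct proc *find_proc(pid_t pid)
{
    for (size_t i = 0; i < sizeof procs / sizeof procs[0]; i++)
        if (procs[i].pid == pid) return &procs[i];
    return NULL;
}

/* kill(2)-style rule: superuser, or the caller's real or effective uid
 * matches the target's real or saved uid. */
static int may_signal(const struct cred *c, const struct cred *t)
{
    return c->euid == 0 || c->ruid == t->ruid || c->ruid == t->svuid ||
           c->euid == t->ruid || c->euid == t->svuid;
}

/* Behaviour the advisory describes: the recipient is stored with no check. */
int set_owner_unchecked(pid_t *owner, pid_t pid) { *owner = pid; return 0; }

/* Hardened form: the target must exist and the caller must be allowed to
 * signal it; on failure the previously recorded recipient is kept. */
int set_owner_checked(const struct cred *caller, pid_t *owner, pid_t pid)
{
    const struct proc *t = find_proc(pid);
    if (t == NULL) return ESRCH;
    if (!may_signal(caller, &t->cred)) return EPERM;
    *owner = pid;
    return 0;
}

int main(void)
{
    struct cred user = { 1000, 1000, 1000 };
    pid_t owner = 200;
    int rc = set_owner_checked(&user, &owner, 1);
    printf("checked, target pid 1: rc=%d owner=%d\n", rc, (int)owner);
    return 0;
}
```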