[原文]The (1) clcs and (2) emuxki drivers in NetBSD 1.6 through 2.0.2 allow local users to cause a denial of service (kernel crash) by using the set-parameters ioctl on an audio device to change the block size and set the pause state to "unpaused" in the same ioctl, which causes a divide-by-zero error.
NetBSD Multiple Audio Driver Malformed ioctl() Call Local DoS
Local Access Required
Denial of Service
Loss of Availability
NetBSD contains a flaw that may allow a local denial of service. The issue is triggered when a malicious attacker uses the set-parameters ioctl call on certain audio devices to change block size and set pause state to "unpaused" in the same ioctl, which will cause a divide-by-zero error resulting in loss of availability for the platform.
Upgrade to version 2.0.3 or 2.0.2 after the correction date, as it has been reported to fix this vulnerability. In addition, NetBSD has released a patch for some older versions. It is also possible to correct the flaw by implementing the following workaround: disable access to the audio device for all users. Execute the following commands as root:
chown root /dev/audio* /dev/audioctl* /dev/sound*
chmod 000 /dev/audio* /dev/audioctl* /dev/sound*