CVE-2010-2963: Input Validation

First published: Wed Oct 13 2010(Updated: )

drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux (V4L) implementation in the Linux kernel before 2.6.36 on 64-bit platforms does not validate the destination of a memory copy operation, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via a VIDIOCSTUNER ioctl call on a /dev/video device, followed by a VIDIOCSMICROCODE ioctl call on this device.

Credit: security@ubuntu.com security@ubuntu.com security@ubuntu.com

Affected Software	Affected Version	How to fix
debian/linux-2.6
Linux Linux kernel	<2.6.36
Fedoraproject Fedora	=13
openSUSE openSUSE	=11.2
openSUSE openSUSE	=11.3
SUSE Linux Enterprise Desktop	=11-sp1
SUSE Linux Enterprise Server	=11-sp1
Debian Debian Linux	=5.0
Canonical Ubuntu Linux	=6.06
Canonical Ubuntu Linux	=8.04
Canonical Ubuntu Linux	=9.04
Canonical Ubuntu Linux	=9.10
Canonical Ubuntu Linux	=10.04
Canonical Ubuntu Linux	=10.10

Remedy

https://bugzilla.redhat.com/show_bug.cgi?id=642465

Remedy

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=3e645d6b485446c54c6745c5e2cf5c528fe4deec

Never miss a vulnerability like this again

Reference Links

agent/first-publish-date
collector/launchpad-cve
source/Launchpad
agent/type
collector/security-tracker-debian
source/Debian
agent/software-canonical-lookup
agent/author
agent/weakness
agent/severity
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-api
collector/nvd-index
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2010-2963
collector/usn-cve
source/Ubuntu
agent/remedy
agent/references
agent/event
agent/softwarecombine
agent/description
collector/nvd-cve
source/NVD
agent/last-modified-date
agent/trending
agent/tags
agent/source
package-manager/debian
vendor/linux
canonical/linux linux kernel
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/13
vendor/suse
canonical/suse linux enterprise desktop
version/suse linux enterprise desktop/11-sp1
canonical/suse linux enterprise server
version/suse linux enterprise server/11-sp1
vendor/opensuse
canonical/opensuse opensuse
version/opensuse opensuse/11.2
version/opensuse opensuse/11.3
vendor/debian
canonical/debian debian linux
version/debian debian linux/5.0
vendor/canonical
canonical/canonical ubuntu linux
version/canonical ubuntu linux/10.10
version/canonical ubuntu linux/9.04
version/canonical ubuntu linux/9.10
version/canonical ubuntu linux/8.04
version/canonical ubuntu linux/10.04
version/canonical ubuntu linux/6.06

CVE-2010-2963: Input Validation

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact