Red Hat Bugzilla – Bug 607039
CVE-2010-3448 kernel: thinkpad-acpi: lock down video output state access [mrg-1.3]
Last modified: 2016-05-22 19:30:44 EDT
+++ This bug was initially created as a clone of Bug #607035 +++
Description of problem:
Given the right combination of ThinkPad and X.org, just reading the video output control state is enough to hard-crash X.org.
Until the day I somehow find out a model or BIOS cut date to not provide this feature to ThinkPads that can do video switching through X RandR, change permissions so that only processes with CAP_SYS_ADMIN can access any sort of video output control state.
This bug could be considered a local DoS I suppose, as it allows any non-privledged local user to cause some versions of X.org to hard-crash some ThinkPads.
Reported-by: Jidanni <email@example.com>
Signed-off-by: Henrique de Moraes Holschuh <firstname.lastname@example.org>
The equivalent of b525c06cdbd8a3963f0173ccd23f9147d4c384b5
So, this fix is already included in our base kernel.