Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
Bug 607039 - CVE-2010-3448 kernel: thinkpad-acpi: lock down video output state access [mrg-1.3]
CVE-2010-3448 kernel: thinkpad-acpi: lock down video output state access [mrg...
Product: Red Hat Enterprise MRG
Classification: Red Hat
Component: realtime-kernel (Show other bugs)
All Linux
high Severity medium
: ---
: ---
Assigned To: John Kacur
David Sommerseth
Depends On: 607035
Blocks: 607037 607038 CVE-2010-3448
  Show dependency treegraph
Reported: 2010-06-22 22:26 EDT by Eugene Teo (Security Response)
Modified: 2016-05-22 19:30 EDT (History)
7 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 607035
Last Closed: 2010-09-06 10:25:52 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Eugene Teo (Security Response) 2010-06-22 22:26:44 EDT
+++ This bug was initially created as a clone of Bug #607035 +++

Description of problem:
Given the right combination of ThinkPad and X.org, just reading the video output control state is enough to hard-crash X.org.
Until the day I somehow find out a model or BIOS cut date to not provide this feature to ThinkPads that can do video switching through X RandR, change permissions so that only processes with CAP_SYS_ADMIN can access any sort of video output control state.
This bug could be considered a local DoS I suppose, as it allows any non-privledged local user to cause some versions of X.org to hard-crash some ThinkPads.
Reported-by: Jidanni <jidanni@jidanni.org>
Signed-off-by: Henrique de Moraes Holschuh <hmh@hmh.eng.br>
Cc: stable@kernel.org

Upstream commit:
Comment 3 John Kacur 2010-09-06 10:23:25 EDT
The equivalent of b525c06cdbd8a3963f0173ccd23f9147d4c384b5
is c9438d3d949d4c5f88f630b647011b8381c63ae5

So, this fix is already included in our base kernel.

Note You need to log in before you can comment on or make changes to this bug.