Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 652122 - (CVE-2010-3448) CVE-2010-3448 kernel: thinkpad-acpi: lock down video output state access
CVE-2010-3448 kernel: thinkpad-acpi: lock down video output state access
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
public=20100226,reported=20100622,sou...
: Security
Depends On: 604608 607037 607038 607039 629241 652123
Blocks:
  Show dependency treegraph
 
Reported: 2010-11-10 22:06 EST by Eugene Teo (Security Response)
Modified: 2015-07-31 08:26 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-07-29 10:48:43 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Eugene Teo (Security Response) 2010-11-10 22:06:55 EST 
Given the right combination of ThinkPad and X.org, just reading the video
output control state is enough to hard-crash X.org.

Until the day I somehow find out a model or BIOS cut date to not provide this
feature to ThinkPads that can do video switching through X RandR, change
permissions so that only processes with CAP_SYS_ADMIN can access any sort of
video output control state.

This bug could be considered a local DoS I suppose, as it allows any
non-privledged local user to cause some versions of X.org to hard-crash some
ThinkPads.

Reported-by: Jidanni <jidanni@jidanni.org>
Signed-off-by: Henrique de Moraes Holschuh <hmh@hmh.eng.br>
Cc: stable@kernel.org

Upstream commit:
http://git.kernel.org/linus/b525c06cdbd8a3963f0173ccd23f9147d4c384b5
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.