1253824 – (CVE-2015-5198) CVE-2015-5198 libvdpau incorrect check for security transition

Bug 1253824 (CVE-2015-5198) - CVE-2015-5198 libvdpau incorrect check for security transition

Summary: CVE-2015-5198 libvdpau incorrect check for security transition

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2015-5198
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1253829 1258644
Blocks:	1215757 1253830
TreeView+	depends on / blocked

Reported:	2015-08-14 19:40 UTC by Florian Weimer
Modified:	2023-05-12 10:36 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2021-10-21 00:46:34 UTC
Embargoed:

Attachments	(Terms of Use)

Description Florian Weimer 2015-08-14 19:40:12 UTC

It was discovered that libvdpau incorrectly checks if the process underwent a security transition at startup, related to processing of the VDPAU_DRIVER_PATH environment variable.  This may allow local attackers gain additional privileges.

Acknowledgements:

This issue was discovered by Florian Weimer of Red Hat Product Security.

Comment 2 Florian Weimer 2015-08-31 21:55:53 UTC

External references:

http://lists.x.org/archives/xorg-announce/2015-August/002630.html

Comment 3 Florian Weimer 2015-08-31 21:57:02 UTC

Created libvdpau tracking bugs for this issue:

Affects: fedora-all [bug 1258644]

Comment 4 Fedora Update System 2015-09-04 19:45:53 UTC

libvdpau-1.1.1-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Comment 5 Adam Mariš 2015-09-08 07:21:41 UTC

Upstream patch:

http://cgit.freedesktop.org/~aplattner/libvdpau/commit/?id=d1f9c16b1a8187110e501c9116d21ffee25c0ba4

Comment 6 Fedora Update System 2015-09-24 08:26:49 UTC

libvdpau-1.1.1-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.

Comment 7 Fedora Update System 2015-11-01 22:19:56 UTC

libvdpau-1.1.1-2.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.

Comment 8 Benjamin Tissoires 2021-09-21 11:50:38 UTC

I am doing some janitor tasks on my bugzillas. Can we close this one? It seemed to have been fixed 6 years ago...

Note You need to log in before you can comment on or make changes to this bug.