Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2010-2963

Published: 19 October 2010

drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux (V4L) implementation in the Linux kernel before 2.6.36 on 64-bit platforms does not validate the destination of a memory copy operation, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via a VIDIOCSTUNER ioctl call on a /dev/video device, followed by a VIDIOCSMICROCODE ioctl call on this device.

From the Ubuntu Security Team

Kees Cook discovered that the V4L1 32bit compat interface did not correctly validate certain parameters. A local attacker on a 64bit system with access to a video device could exploit this to gain root privileges.

Priority

Medium

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy
Released (2.6.24-28.80)
jaunty
Released (2.6.28-19.66)
karmic
Released (2.6.31-22.67)
lucid
Released (2.6.32-25.45)
maverick
Released (2.6.35-22.35)
upstream Needs triage

Patches:
hardy: http://chinstrap.ubuntu.com/~sconklin/CVEs/CVE-2010-2963/patches/hardy/linux/0001-v4l-disable-dangerous-buggy-compat-function.txt
jaunty: http://chinstrap.ubuntu.com/~sconklin/CVEs/CVE-2010-2963/patches/jaunty/linux/0001-v4l-disable-dangerous-buggy-compat-function.txt
karmic: http://chinstrap.ubuntu.com/~sconklin/CVEs/CVE-2010-2963/patches/karmic/linux/0001-v4l-disable-dangerous-buggy-compat-function.txt
lucid: http://chinstrap.ubuntu.com/~sconklin/CVEs/CVE-2010-2963/patches/lucid/linux/0001-v4l-disable-dangerous-buggy-compat-function.txt
maverick: http://chinstrap.ubuntu.com/~sconklin/CVEs/CVE-2010-2963/patches/maverick/linux/0001-v4l-disable-dangerous-buggy-compat-function.txt
linux-ec2
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

karmic
Released (2.6.31-307.21)
lucid
Released (2.6.32-309.18)
maverick Ignored
(end of life)
upstream Needs triage

linux-fsl-imx51
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

karmic
Released (2.6.31-112.30)
lucid
Released (2.6.31-608.22)
maverick Does not exist

upstream Needs triage

linux-lts-backport-maverick
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

karmic Does not exist

lucid
Released (2.6.35-25.44~lucid1)
maverick Does not exist

upstream Needs triage

linux-mvl-dove
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

karmic Ignored
(end of life)
lucid
Released (2.6.32-216.33)
maverick
Released (2.6.32-416.33)
upstream Needs triage

linux-source-2.6.15
Launchpad, Ubuntu, Debian
dapper Not vulnerable

hardy Does not exist

jaunty Does not exist

karmic Does not exist

lucid Does not exist

maverick Does not exist

upstream Needs triage

linux-ti-omap4
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

karmic Does not exist

lucid Does not exist

maverick
Released (2.6.35-903.22)
upstream Needs triage