CVE-2011-0521

Published: 02 February 2011

The dvb_ca_ioctl function in drivers/media/dvb/ttpci/av7110_ca.c in the Linux kernel before 2.6.38-rc2 does not check the sign of a certain integer field, which allows local users to cause a denial of service (memory corruption) or possibly have unspecified other impact via a negative value.

From the Ubuntu security team

Dan Carpenter discovered that the TTPCI DVB driver did not check certain values during an ioctl. If the dvb-ttpci module was loaded, a local attacker could exploit this to crash the system, leading to a denial of service, or possibly gain root privileges.

Priority

Low

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.38~rc2)
Patches:
Upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=cb26a24ee9706473f31d34cc259f4dcf45cd0644
linux-ec2
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.38~rc2)
linux-fsl-imx51
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.38~rc2)
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.38~rc2)
linux-lts-backport-natty
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.38~rc2)
linux-mvl-dove
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.38~rc2)
linux-source-2.6.15
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.38~rc2)
linux-ti-omap4
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.38~rc2)