CERT-In:Indian Computer Emergency Response Team

HOME > VULNERABILITY

VULNERABILITY

CERT-In Vulnerability Note CIVN-2010-77
Linux Kernel Video Output Status Local Denial of Vulnerability

Original Issue Date: March 25, 2010

Severity Rating:Low

System Affected

Kernel versions prior to 2.6.34-rc1

Overview

A vulnerability has been reported in Linux Kernel which can be exploited by local attacker to cause a Denial of Service condition (DoS) .

Description

This vulnerability is caused in Linux Kernel due to an invalid pointer dereference while reading the status of video output devices on certain ThinkPad platforms. A local attacker can exploit this vulnerability to cause a kernel crash (DoS) by reading data from /proc/acpi/ibm/video.

Solutions

Update to version 2.6.33.1
http://www.kernel.org/

Vendor Information

kernel.org
http://www.kernel.org/

References

kernel.org
http://git.kernel.org/linus/b525c06cdbd8a3963f0173ccd23f9147d4c384b5
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.33.1

Debian.org
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=565790

SecurityFocus
http://www.securityfocus.com/bid/38607

Secunia
http://secunia.com/advisories/38863

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information

Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003

Home || Feedback || FAQ || Disclaimer

CERT-In Vulnerability Note CIVN-2010-77 Linux Kernel Video Output Status Local Denial of Vulnerability

CERT-In Vulnerability Note CIVN-2010-77
Linux Kernel Video Output Status Local Denial of Vulnerability