CVE-2010-2963 (retired)

Priority
Description
drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux (V4L)
implementation in the Linux kernel before 2.6.36 on 64-bit platforms does
not validate the destination of a memory copy operation, which allows local
users to write to arbitrary kernel memory locations, and consequently gain
privileges, via a VIDIOCSTUNER ioctl call on a /dev/video device, followed
by a VIDIOCSMICROCODE ioctl call on this device.
Ubuntu-Description
Kees Cook discovered that the V4L1 32-bit compat interface did not correctly
validate certain parameters. A local attacker on a 64-bit system with access
to a video device could exploit this to gain root privileges.
Assigned-to
sconklin
Package
Upstream:needs-triage

Updated: 2019-03-26 11:52:40 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)