An issue was discovered in LinuxTV xawtv before 3.107. The function
dev_open() in v4l-conf.c does not perform sufficient checks to prevent an
unprivileged caller of the program from opening unintended filesystem
paths. This allows a local attacker with access to the v4l-conf setuid-root
program to test for the existence of arbitrary files and to trigger an open
on arbitrary files with mode O_RDWR. To achieve this, relative path
components need to be added to the device path, as demonstrated by a
v4l-conf -c /dev/../root/.bash_history command.
Source: xawtv (LP Ubuntu Debian)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):released (3.103-3+deb8u1build0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 20.04 LTS (Focal Fossa):needs-triage
Ubuntu 20.10 (Groovy Gorilla):not-affected (3.107-1)
More Information

Updated: 2020-09-17 22:15:46 UTC (commit 133663e70d0a77a4e020d0df6bbf62c6fe99ddc3)