Main Vulnerability Database SB2010112601

SB2010112601 - Input validation error in Linux kernel

Published: November 26, 2010 Updated: March 19, 2012

Security Bulletin ID SB2010112601

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Input validation error (CVE-ID: CVE-2010-2963)

The vulnerability allows a local user to escalate privileges on the system.

drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux (V4L) implementation in the Linux kernel before 2.6.36 on 64-bit platforms does not validate the destination of a memory copy operation, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via a VIDIOCSTUNER ioctl call on a /dev/video device, followed by a VIDIOCSMICROCODE ioctl call on this device.

Remediation

Install update from vendor's website.

References

https://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.20