Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 28 Feb 2011 15:53:44 -0500 (EST)
From: Josh Bressers <>
Cc: coley <>
Subject: Re: CVE request: v86d: Failure to validate netlink
 message sender

Please use CVE-2011-1070



----- Original Message -----
> Versions of the v86d userspace helper for the Linux uvesafb driver
> before 0.1.10 did not verify that received netlink messages were sent
> by the kernel, allowing unprivileged users to manipulate the video
> mode and potentially other consequences.
> v86d executes video BIOS code with access to /dev/mem in response to
> netlink messages, using either vm86 mode or an x86 emulator, depending
> on configuration. I an unclear on whether it is possible to e.g. crash
> the machine or escalate privileges by spoofing requests, or only to
> mess with the video card.
> References:

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ