Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 23 Jun 2010 10:55:05 +0800
From: Eugene Teo <>
Subject: kernel: thinkpad-acpi: lock down video output state access

Just a heads up. Not requesting a CVE name for this since it only affect 
certain thinkpads/xorg.

"Given the right combination of ThinkPad and, just reading the 
video output control state is enough to hard-crash

Until the day I somehow find out a model or BIOS cut date to not provide 
this feature to ThinkPads that can do video switching through X RandR, 
change permissions so that only processes with CAP_SYS_ADMIN can access 
any sort of video output control state.

This bug could be considered a local DoS I suppose, as it allows any
non-privledged local user to cause some versions of to hard-crash 
some ThinkPads."

Upstream commit:

Thanks, Eugene
main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.