Message-ID: <4C217789.1040707@kernel.sg>
Date: Wed, 23 Jun 2010 10:55:05 +0800
From: Eugene Teo <eugeneteo@...nel.sg>
To: oss-security@...ts.openwall.com
Subject: kernel: thinkpad-acpi: lock down video output state access

Just a heads up. Not requesting a CVE name for this since it only affects
certain thinkpads/xorg.

"Given the right combination of ThinkPad and X.org, just reading the 
video output control state is enough to hard-crash X.org.

Until the day I somehow find out a model or BIOS cut date to not provide 
this feature to ThinkPads that can do video switching through X RandR, 
change permissions so that only processes with CAP_SYS_ADMIN can access 
any sort of video output control state.

This bug could be considered a local DoS I suppose, as it allows any
non-privileged local user to cause some versions of X.org to hard-crash
some ThinkPads."

Upstream commit:
http://git.kernel.org/linus/b525c06cdbd8a3963f0173ccd23f9147d4c384b5

Thanks, Eugene
-- 
main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }
