CVE-2010-2963

Published: 26/11/2010 Updated: 07/11/2023
CVSS v2 Base Score: 6.2 | Impact Score: 10 | Exploitability Score: 1.9
VMScore: 625
Vector: AV:L/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Summary

drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux (V4L) implementation in the Linux kernel prior to 2.6.36 on 64-bit platforms does not validate the destination of a memory copy operation, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via a VIDIOCSTUNER ioctl call on a /dev/video device, followed by a VIDIOCSMICROCODE ioctl call on this device.

Vulnerable Product

linux linux kernel

fedoraproject fedora 13

suse linux enterprise desktop 11

suse linux enterprise server 11

opensuse opensuse 11.2

opensuse opensuse 11.3

debian debian linux 5.0

canonical ubuntu linux 10.10

canonical ubuntu linux 9.04

canonical ubuntu linux 9.10

canonical ubuntu linux 8.04

canonical ubuntu linux 10.04

canonical ubuntu linux 6.06

Vendor Advisories

An attacker could send crafted input to the kernel and cause it to crash ...
Multiple security flaws have been fixed in the OMAP4 port of the Linux kernel ...

Exploits

// source: www.securityfocus.com/bid/44242/info /* * CVE-2010-2963 * Arbitrary write memory write via v4l1 compat ioctl * Kees Cook <kees@ubuntu.com> * * greets to drosenberg, spender, taviso */ #define _GNU_SOURCE #include <stdio.h> #include <unistd.h> #include <stdlib.h> #include <fcntl.h> #include < ...
Linux kernel arbitrary write memory write via v4l1 compat ioctl exploit ...