CVE-2010-2963 - CERT CVE
ID CVE-2010-2963
Sažetak drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux (V4L) implementation in the Linux kernel before 2.6.36 on 64-bit platforms does not validate the destination of a memory copy operation, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via a VIDIOCSTUNER ioctl call on a /dev/video device, followed by a VIDIOCSMICROCODE ioctl call on this device.
Reference
CVSS
Base: 6.2
Impact: 10.0
Exploitability:1.9
Pristup
VektorSloženostAutentikacija
LOCAL HIGH NONE
Impact
PovjerljivostCjelovitostDostupnost
COMPLETE COMPLETE COMPLETE
CVSS vektor AV:L/AC:H/Au:N/C:C/I:C/A:C
Zadnje važnije ažuriranje 07-11-2023 - 02:05
Objavljeno 26-11-2010 - 19:00