[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] kernel: thinkpad-acpi: lock down video output state access
From:       Eugene Teo <eugeneteo () kernel ! sg>
Date:       2010-06-23 2:55:05
Message-ID: 4C217789.1040707 () kernel ! sg
[Download RAW message or body]

Just a heads up. Not requesting a CVE name for this since it only affect 
certain thinkpads/xorg.

"Given the right combination of ThinkPad and X.org, just reading the 
video output control state is enough to hard-crash X.org.

Until the day I somehow find out a model or BIOS cut date to not provide 
this feature to ThinkPads that can do video switching through X RandR, 
change permissions so that only processes with CAP_SYS_ADMIN can access 
any sort of video output control state.

This bug could be considered a local DoS I suppose, as it allows any
non-privledged local user to cause some versions of X.org to hard-crash 
some ThinkPads."

Upstream commit:
http://git.kernel.org/linus/b525c06cdbd8a3963f0173ccd23f9147d4c384b5

Thanks, Eugene
-- 
main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }
[prev in list] [next in list] [prev in thread] [next in thread]