CVE-2010-2963

2010-11-2619:00:06

CWE-20

[email protected]

web.nvd.nist.gov

CVSS2

6.2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:H/Au:N/C:C/I:C/A:C

AI Score

7.5

Confidence

High

EPSS

Percentile

0.4%

JSON

drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux (V4L) implementation in the Linux kernel before 2.6.36 on 64-bit platforms does not validate the destination of a memory copy operation, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via a VIDIOCSTUNER ioctl call on a /dev/video device, followed by a VIDIOCSMICROCODE ioctl call on this device.

Affected configurations

Nvd

Node

linuxlinux_kernelRange<2.6.36x64

Node

fedoraprojectfedoraMatch13

Node

opensuseopensuseMatch11.2

opensuseopensuseMatch11.3

suselinux_enterprise_desktopMatch11sp1

suselinux_enterprise_serverMatch11sp1

Node

debiandebian_linuxMatch5.0

Node

canonicalubuntu_linuxMatch6.06

canonicalubuntu_linuxMatch8.04-

canonicalubuntu_linuxMatch9.04

canonicalubuntu_linuxMatch9.10

canonicalubuntu_linuxMatch10.04-

canonicalubuntu_linuxMatch10.10

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:x64:*
fedoraprojectfedora13cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*
opensuseopensuse11.2cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
opensuseopensuse11.3cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
suselinux_enterprise_desktop11cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*
suselinux_enterprise_server11cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*
debiandebian_linux5.0cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
canonicalubuntu_linux6.06cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
canonicalubuntu_linux8.04cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
canonicalubuntu_linux9.04cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel:::::::x64:*
fedoraproject	fedora	13	cpe:2.3:o:fedoraproject:fedora:13:::::::*
opensuse	opensuse	11.2	cpe:2.3:o:opensuse:opensuse:11.2:::::::*
opensuse	opensuse	11.3	cpe:2.3:o:opensuse:opensuse:11.3:::::::*
suse	linux_enterprise_desktop	11	cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1::::::
suse	linux_enterprise_server	11	cpe:2.3:o:suse:linux_enterprise_server:11:sp1::::::
debian	debian_linux	5.0	cpe:2.3:o:debian:debian_linux:5.0:::::::*
canonical	ubuntu_linux	6.06	cpe:2.3:o:canonical:ubuntu_linux:6.06:::::::*
canonical	ubuntu_linux	8.04	cpe:2.3:o:canonical:ubuntu_linux:8.04::::-:::
canonical	ubuntu_linux	9.04	cpe:2.3:o:canonical:ubuntu_linux:9.04:::::::*