Описание
An elevation of privilege vulnerability in the kernel v4l2 video driver. Product: Android. Versions: Android kernel. Android ID A-34624167.
A bug in the 32-bit compatibility layer of the ioctl handling code of the v4l2 video driver in the Linux kernel has been found. A memory protection mechanism ensuring that user-provided buffers always point to a userspace memory were disabled, allowing destination address to be in a kernel space. This flaw could be exploited by an attacker to overwrite a kernel memory from an unprivileged userspace process, leading to privilege escalation.
Меры по смягчению последствий
A systemtap script intercepting v4l2_compat_ioctl32() function of the [videodev] module and making it to return -ENOIOCTLCMD error value would work just fine, except breaking all 32bit video capturing software, but not 64bit ones. Alternatively, blacklisting [videodev] module will work too, but it will break all video capturing software.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | kernel | Will not fix | ||
| Red Hat Enterprise Linux 8 | kernel | Not affected | ||
| Red Hat Enterprise Linux 6 | kernel | Fixed | RHSA-2018:1319 | 08.05.2018 |
| Red Hat Enterprise Linux 7 | kernel-rt | Fixed | RHSA-2018:0676 | 10.04.2018 |
| Red Hat Enterprise Linux 7 | kernel | Fixed | RHSA-2018:1062 | 10.04.2018 |
| Red Hat Enterprise Linux 7 | kernel-alt | Fixed | RHSA-2018:2948 | 30.10.2018 |
| Red Hat Enterprise Linux 7.4 Extended Update Support | kernel | Fixed | RHSA-2018:1130 | 17.04.2018 |
| Red Hat Enterprise MRG 2 | kernel-rt | Fixed | RHSA-2018:1170 | 17.04.2018 |
Показывать по
Дополнительная информация
Статус:
7.8 High
CVSS3
Связанные уязвимости
An elevation of privilege vulnerability in the kernel v4l2 video driver. Product: Android. Versions: Android kernel. Android ID A-34624167.
An elevation of privilege vulnerability in the kernel v4l2 video driver. Product: Android. Versions: Android kernel. Android ID A-34624167.
An elevation of privilege vulnerability in the kernel v4l2 video drive ...
An elevation of privilege vulnerability in the kernel v4l2 video driver. Product: Android. Versions: Android kernel. Android ID A-34624167.
Security update for the Linux Kernel (Live Patch 27 for SLE 12)
7.8 High
CVSS3