Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 23 Jun 2010 10:55:05 +0800
From: Eugene Teo <>
Subject: kernel: thinkpad-acpi: lock down video output state access

Just a heads up. Not requesting a CVE name for this since it only affect 
certain thinkpads/xorg.

"Given the right combination of ThinkPad and, just reading the 
video output control state is enough to hard-crash

Until the day I somehow find out a model or BIOS cut date to not provide 
this feature to ThinkPads that can do video switching through X RandR, 
change permissions so that only processes with CAP_SYS_ADMIN can access 
any sort of video output control state.

This bug could be considered a local DoS I suppose, as it allows any
non-privledged local user to cause some versions of to hard-crash 
some ThinkPads."

Upstream commit:

Thanks, Eugene
main(i) { putchar(182623909 >> (i-1) * 5&31|!!(i<7)<<6) && main(++i); }

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ