Vulnerabilities

CVE-2013-1928

by Fred · 29/04/2013

The do_video_set_spu_palette function in fs/compat_ioctl.c in the Linux kernel before 3.6.5 on unspecified architectures lacks a certain error check, which might allow local users to obtain sensitive information from kernel stack memory via a crafted VIDEO_SET_SPU_PALETTE ioctl call on a /dev/dvb device.

Date published : 2013-04-29

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=12176503366885edd542389eed3aaf94be163fdb

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.6.5

Related

Tags: Cybersecurity Alert