Linux Kernel Framebuffer Driver fb_copy_cmap DoS

2004-04-28T03:42:34
ID OSVDB:5697
Type osvdb
Reporter Arjan van de Ven()
Modified 2004-04-28T03:42:34

Description

Vulnerability Description

Linux kernel framebuffer driver contains a flaw that may allow a local denial of service. The function fb_copy_cmap() allows data to be copied directly to userspace instead of using correct interface. The issue is triggered when the copied data violates the userspace boundary, and will result in loss of availability.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, SuSE, Fedora and Mandrake has released a patch to address this vulnerability.

Short Description

Linux kernel framebuffer driver contains a flaw that may allow a local denial of service. The function fb_copy_cmap() allows data to be copied directly to userspace instead of using correct interface. The issue is triggered when the copied data violates the userspace boundary, and will result in loss of availability.

References:

Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Secunia Advisory ID:11486 Secunia Advisory ID:12003 Other Advisory URL: http://fedoranews.org/updates/FEDORA-2004-111.shtml Other Advisory URL: http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:037 Other Advisory URL: http://security.gentoo.org/glsa/glsa-200407-02.xml ISS X-Force ID: 15974 CVE-2004-0229 Bugtraq ID: 10211