Vigil@nce: Linux kernel, denial of service of tvaudio
October 2008 by Vigil@nce
SYNTHESIS
A local attacker can stop the system by using the tvaudio driver.
Gravity: 1/4
Consequences: denial of service of computer
Provenance: user shell
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 23/10/2008
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION
The drivers/media/video/tvaudio.c file implements the driver for
I2C chips handling TV sound. When a chip does not support a feature,
the corresponding function pointer is NULL.
The VIDIOC_S_FREQUENCY ioctl changes the frequency of the radio tuner.
This ioctl does not check whether the chip supports the desc->setmode()
function before calling it. A NULL pointer is thus dereferenced,
which stops the kernel.
A local attacker can therefore create a denial of service.
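The pattern described above, as an added userspace model (not code from tvaudio.c or from the advisory): an optional operation stored as a function pointer, called once without a check and once behind a NULL guard. Every name except setmode is hypothetical, and the guard is one possible mitigation, not necessarily the fix the kernel adopted.

```c
#include <stdio.h>

struct chip_state;

/* Per-chip descriptor: an optional operation is NULL when unsupported. */
struct chip_desc {
    const char *name;
    void (*setmode)(struct chip_state *chip, int mode);
};

struct chip_state {
    const struct chip_desc *desc;
    int mode;                      /* last mode programmed, -1 if never set */
};

static void demo_setmode(struct chip_state *chip, int mode) { chip->mode = mode; }

/* Constructed sample chips: one implements setmode, one does not. */
static const struct chip_desc chip_with_setmode = { "chip-a", demo_setmode };
static const struct chip_desc chip_without_setmode = { "chip-b", NULL };

/* Unchecked call, as in the description: with chip_without_setmode
 * this jumps through a NULL pointer. */
static int set_frequency_unchecked(struct chip_state *chip, int mode)
{
    chip->desc->setmode(chip, mode);
    return 0;
}

/* Guarded call: a NULL pointer means "feature absent", so skip it. */
static int set_frequency_checked(struct chip_state *chip, int mode)
{
    if (chip == NULL || chip->desc == NULL)
        return -1;                 /* invalid handle */
    if (chip->desc->setmode == NULL)
        return 0;                  /* feature absent: no call made */
    chip->desc->setmode(chip, mode);
    return 1;                      /* mode programmed */
}

int main(void)
{
    struct chip_state a = { &chip_with_setmode, -1 };
    struct chip_state b = { &chip_without_setmode, -1 };
    set_frequency_unchecked(&a, 1); /* safe only because chip-a has setmode */
    int ra = set_frequency_checked(&a, 2);
    int rb = set_frequency_checked(&b, 2);
    printf("%s: ret=%d mode=%d\n", a.desc->name, ra, a.mode);
    printf("%s: ret=%d mode=%d\n", b.desc->name, rb, b.mode);
    return 0;
}
```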
CHARACTERISTICS
Identifiers: VIGILANCE-VUL-8199