Vigil@nce - Linux kernel: denial of service via thinkpad-acpi
November 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
When ThinkPad and X.org are used, a local attacker can stop the
system.
Severity: 1/4
Creation date: 29/11/2010
DESCRIPTION OF THE VULNERABILITY
The drivers/platform/x86/thinkpad_acpi.c file implements the ACPI
(Advanced Configuration and Power Interface) feature for Thinkpad
computers.
A local attacker can read the video configuration, via the X.org
configuration interface. The video_read() function is then called,
to access the Video Output Control State, which stops the kernel.
When ThinkPad and X.org are used, a local attacker can therefore
stop the system.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Linux-kernel-denial-of-service-via-thinkpad-acpi-10156