Bug 1035720 - (CVE-2007-6761) VUL-0: CVE-2007-6761: kernel-source: drivers/media/video/videobuf-vmalloc.c in the Linux kernel before 2.6.24 does not initialize videobuf_mapping data structures
(CVE-2007-6761)
VUL-0: CVE-2007-6761: kernel-source: drivers/media/video/videobuf-vmalloc.c i...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
CVSSv2:SUSE:CVE-2007-6761:2.6:(AV:L/A...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2017-04-24 12:57 UTC by Mikhail Kasimov
Modified: 2017-10-24 14:40 UTC (History)
3 users (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Mikhail Kasimov 2017-04-24 12:57:17 UTC
Ref: https://nvd.nist.gov/vuln/detail/CVE-2007-6761
====================================================
Description

drivers/media/video/videobuf-vmalloc.c in the Linux kernel before 2.6.24 does not initialize videobuf_mapping data structures, which allows local users to trigger an incorrect count value and videobuf leak via unspecified vectors, a different vulnerability than CVE-2010-5321.

Source:  MITRE      Last Modified:  04/24/2017
====================================================

Hyperlink:

[1] http://www.linuxgrill.com/anonymous/kernel/v2.6/ChangeLog-2.6.24

[2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827340

[3] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0b29669c065f60501e7289e1950fa2a618962358

[4] https://github.com/torvalds/linux/commit/0b29669c065f60501e7289e1950fa2a618962358

Please, check, if it is actual for (open-)SUSE supported kernel-branches.
Comment 1 Takashi Iwai 2017-04-24 14:04:15 UTC
At most only SLE10-SP3/SP4.  SLE11 and newer already have the fix.
Comment 4 Swamp Workflow Management 2017-05-17 08:26:34 UTC
An update workflow for this issue was started.
This issue was rated as important.
Please submit fixed packages until 2017-05-24.
When done, reassign the bug to security-team@suse.de.
https://swamp.suse.de/webswamp/wf/63611
Comment 5 Marcus Meissner 2017-10-24 10:40:12 UTC
released