CVE-2010-2963

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 2.6.36

Description The issue concerns a memory copy operation in the Video4Linux (V4L) implementation that does not validate the destination, allowing local users to write to arbitrary kernel memory locations and gain privileges. This can be achieved via a VIDIOCSTUNER ioctl call on a /dev/video device, followed by a VIDIOCSMICROCODE ioctl call on this device.

Recommendations For Linux kernel versions prior to 2.6.36, update to version 2.6.36 or later to resolve the issue.