PT-2017-4905 · Linux+2 · Linux Kernel+2

Eugene Teo · Published 2017-04-24 · Updated 2026-03-13 · CVE-2010-5321

CVSS v2.0: 4.9 (Medium)

Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: Linux kernel versions 2.6.x through 4.x
Description: The issue is a memory leak in the videobuf subsystem, specifically in the drivers/media/video/videobuf-core.c file. This allows local users to cause a denial of service by consuming memory through a series of mmap calls that require new allocations, leveraging access to /dev/video. As of 2016-06-18, this affects only 11 drivers that have not been updated to use videobuf2 instead of videobuf.
Recommendations: For Linux kernel versions 2.6.x through 4.x, consider updating the affected drivers to use videobuf2 instead of videobuf to mitigate the risk of memory consumption. As a temporary workaround, restrict access to /dev/video to minimize the risk of exploitation.

Fix

DoS

Missing Release of Resource after Effective Lifetime

Weakness Enumeration

Related identifiers

ALT-PU-2019-1437
ALT-PU-2019-1506
ALT-PU-2020-1198
ALT-PU-2020-1501
ALT-PU-2020-2410
ALT-PU-2020-2433
ALT-PU-2021-1870
CVE-2010-5321
ECHO-9C16-41B4-02FB

Affected products

Alt Linux
Debian
Linux Kernel