Privilege escalation in NetBSD - #VU8197

 

Published: September 9, 2017


Vulnerability identifier: #VU8197
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-119
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: NetBSD Foundation, Inc
Affected software:
NetBSD

Detailed vulnerability description

The vulnerability allows a local user on the graphics console to escalate privileges.

The vulnerability exists due to a boundary error within the WSDISPLAYIO_GETCMAP and WSDISPLAYIO_PUTCMAP ioctls. A local user with access to /dev/ttyE* (that is, one who is logged in) can read and write arbitrary data in kernel memory.

Successful exploitation of the vulnerability may allow an attacker to gain root access to the affected system.
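
The kind of range check whose absence produces a boundary error in a colormap get/put ioctl, shown as an added example in a user-space model (it is not NetBSD's code and not the actual fix). The structure, the function names and the 256-entry palette are assumptions; memcpy stands in for the kernel's copyin/copyout.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>

#define CMAP_SIZE 256u  /* assumed palette size for this model */

/* Hypothetical request: a window [index, index+count) plus channel buffers. */
struct cmap_req {
    unsigned int index, count;
    unsigned char *red, *green, *blue;
};

/* Model of a driver's software colormap (stands in for kernel memory). */
struct cmap_state { unsigned char red[CMAP_SIZE], green[CMAP_SIZE], blue[CMAP_SIZE]; };

/* Naive check: index + count is unsigned and can wrap around, so it passes. */
int cmap_check_naive(const struct cmap_req *r) {
    return (r->index + r->count > CMAP_SIZE) ? EINVAL : 0;
}

/* Wrap-safe check: compare count against the room left after index. */
int cmap_check(const struct cmap_req *r) {
    if (r->index >= CMAP_SIZE || r->count > CMAP_SIZE - r->index)
        return EINVAL;
    return 0;
}

/* PUTCMAP-style write: validate first, then copy into the palette. */
int cmap_put(struct cmap_state *s, const struct cmap_req *r) {
    int error = cmap_check(r);
    if (error) return error;
    memcpy(&s->red[r->index], r->red, r->count);
    memcpy(&s->green[r->index], r->green, r->count);
    memcpy(&s->blue[r->index], r->blue, r->count);
    return 0;
}

/* GETCMAP-style read: the same validation guards the copy out. */
int cmap_get(const struct cmap_state *s, const struct cmap_req *r) {
    int error = cmap_check(r);
    if (error) return error;
    memcpy(r->red, &s->red[r->index], r->count);
    memcpy(r->green, &s->green[r->index], r->count);
    memcpy(r->blue, &s->blue[r->index], r->count);
    return 0;
}
```

The read and write paths share one validation routine, so a request rejected for one direction is rejected for the other.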


Remediation

Update the kernel to one built from source dated after the fix.
There are no workarounds other than the obvious one of not allowing untrusted users at the console.

Affected source files                 fix versions
+++++++++++++++++++++++++++++++++++++ HEAD ++ -8 ++++++++++++++++++++++++++
sys/arch/ews4800mips/sbd/fb_sbdio.c   1.16   1.15.10.1
sys/arch/pmax/ibus/pm.c               1.13   1.12.22.1
sys/dev/hpc/bivideo.c                 1.34   1.33.30.1
sys/dev/ic/sti.c                      1.19   1.18.20.1
++++++++++++++++++++++++++++++++++++++ -7 +++++++ -7-1 +++++ -7-0 +++++++++
sys/arch/ews4800mips/sbd/fb_sbdio.c   1.13.4.2   1.13.4.1.6.1  1.13.4.1.2.1
sys/arch/pmax/ibus/pm.c               1.12.4.1   1.12.16.1  1.12.8.1
sys/dev/hpc/bivideo.c                 1.33.12.1  1.33.24.1  1.33.16.1
sys/dev/ic/sti.c                      1.18.2.1   1.18.14.1  1.18.6.1
++++++++++++++++++++++++++++++++++++++ -6 +++++++ -6-1 +++++ -6-0 +++++++++
sys/arch/ews4800mips/sbd/fb_sbdio.c   1.12.2.1   1.12.16.1  1.12.8.1
sys/arch/pmax/ibus/pm.c               1.11.2.1   1.11.16.1  1.11.8.1
sys/dev/hpc/bivideo.c                 1.32.14.1  1.32.22.1  1.32.20.1
sys/dev/ic/sti.c                      1.16.8.2   1.16.22.1  1.16.14.1

Sources