Improper input validation in Linux kernel - CVE-2004-1056
Published: January 10, 2005 / Updated: October 11, 2017
Vulnerability identifier: #VU95643
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2004-1056
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to manipulate or delete data.
Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does not properly check the DMA lock, which could allow remote attackers or local users to cause a denial of service (X Server crash) and possibly modify the video output.
How to mitigate CVE-2004-1056
Install update from vendor's repository.
Sources
- http://secunia.com/advisories/17002
- http://www.redhat.com/support/errata/RHSA-2005-092.html
- http://www.redhat.com/support/errata/RHSA-2005-529.html
- http://www.redhat.com/support/errata/RHSA-2005-551.html
- http://www.redhat.com/support/errata/RHSA-2005-663.html
- http://www.vupen.com/english/advisories/2005/1878
- https://bugzilla.fedora.us/show_bug.cgi?id=2336
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15972
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9795
- https://www.ubuntu.com/usn/usn-38-1/