Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2010-2963 — Improper Input Validation in Kernel
Severity
6.2 MEDIUM (NVD)
EPSS
0.1%
top 71.38%
CISA KEV
Not in KEV
Exploit
PoC available
Affected products
Timeline
Published: Nov 26
Latest update: May 13
Description
drivers/media/video/v4l2-compat-ioctl32.c in the Video4Linux (V4L) implementation in the Linux kernel before 2.6.36 on 64-bit platforms does not validate the destination of a memory copy operation, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via a VIDIOCSTUNER ioctl call on a /dev/video device, followed by a VIDIOCSMICROCODE ioctl call on this device.
CVSS vector
AV:L/AC:H/C:C/I:C/A:C
Exploitability: 1.9 | Impact: 10.0
Affected Packages
4 packages
Also affects: Debian Linux 5.0, Ubuntu Linux 10.04, 10.10, 6.06, 8.04, 9.04, 9.10, Fedora 13