From: Alexander Popov <alex.popov@linux.com>
Date: Sat, 11 Jan 2020 12:05:11 +0000 (+0300)
Subject: Recommend disabling VIDEO_VIVID
X-Git-Tag: v0.5.5~48
X-Git-Url: https://jxself.org/git/?a=commitdiff_plain;h=981bd163fa19fccbc5ce5d4182e639d67e484475;hp=981bd163fa19fccbc5ce5d4182e639d67e484475;p=kconfig-hardened-check.git

Recommend disabling VIDEO_VIVID

The vivid driver is for testing. It doesn't require any special hardware.
It is shipped in Ubuntu, Debian, Arch Linux, SUSE Linux Enterprise and openSUSE.
On Ubuntu the devices created by this driver are available to the normal user,
since Ubuntu applies RW ACL when the user is logged in.

See the disclosure of CVE-2019-18683 which I've found and fixed in vivid driver:
https://www.openwall.com/lists/oss-security/2019/11/02/1
---