projects / kconfig-hardened-check.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 5c67369) | patch
Recommend disabling VIDEO_VIVID
authorAlexander Popov <alex.popov@linux.com>
Sat, 11 Jan 2020 12:05:11 +0000 (15:05 +0300)
committerAlexander Popov <alex.popov@linux.com>
Sat, 11 Jan 2020 12:05:11 +0000 (15:05 +0300)
commit981bd163fa19fccbc5ce5d4182e639d67e484475
treebfbb45cf196af3266a49b8a211aa43b07139054ctree | snapshot (zip tar.gz)
parent5c67369249f22690efe4c96c54ef6b0bd0496c13commit | diff
Recommend disabling VIDEO_VIVID

The vivid driver is for testing. It doesn't require any special hardware.
It is shipped in Ubuntu, Debian, Arch Linux, SUSE Linux Enterprise and openSUSE.
On Ubuntu the devices created by this driver are available to the normal user,
since Ubuntu applies RW ACL when the user is logged in.

See the disclosure of CVE-2019-18683 which I've found and fixed in vivid driver:
https://www.openwall.com/lists/oss-security/2019/11/02/1
README.md diff | blob | history
kconfig-hardened-check.py diff | blob | history
kconfig-hardened-check