[elrepo] fglrx CVE-2015-7724
Stephen Isard
7p03xyr02 at sneakemail.com
Sat Apr 2 11:51:43 EDT 2016
Wolfy,
I have dropped my fglrx driver and kernel module back to 14.12-1 in
order to get a working version of X. 14.12-1 is vulnerable to the
attack described in CVE-2015-7724, but if I'm interpreting the cve
correctly, it looks as if an attacker needs to get into the machine
in order to exploit the vulnerability. This is a single user machine,
and if an attacker has got to the point of being able to install files,
I am already in trouble. So it seems as if the added risk from running
the out of date drivers is not very great. Do you think that that is a
correct assessment? Obviously it would be better to use a driver
without the vulnerability, but I don't seem to have that choice at the
moment.
By the way, this machine has two monitors attached. Can you see any way
in which that might be relevant to my problem with 15.12-1?
Thanks,
Stephen Isard
More information about the elrepo
mailing list