[elrepo] fglrx CVE-2015-7724
Stephen Isard
7p03xyr02 at sneakemail.com
Mon Apr 4 09:07:53 EDT 2016
On Mon, 4 Apr 2016, Manuel Wolfshant wolfy-at-nobugconsulting.ro |Scientific Linux| wrote:
> On 04/02/2016 06:51 PM, Stephen Isard wrote:
>> Wolfy,
>>
>> I have dropped my fglrx driver and kernel module back to 14.12-1 in order
>> to get a working version of X. 14.12-1 is vulnerable to the attack
>> described in CVE-2015-7724,
>> (snip)
> Based on
> https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-7724/
> , it does indeed look like the attacker needs to have access ( so as to
> create the symlinks needed for the exploit to work ). If there are other
> means of taking advantage of the security bug.. I do not know.
Thanks. I realize that there are limits to your omniscience :-)
>> By the way, this machine has two monitors attached. Can you see any way in
>> which that might be relevant to my problem with 15.12-1?
> AFAIK it should not matter. To me, your issue looks like a genuine
> regression in the fglrx code.
The question occurred to me while I was away from the machine. I have
now tried disconnecting the second monitor and it makes no difference.
Stephen Isard
More information about the elrepo
mailing list