[elrepo] fglrx CVE-2015-7724

Stephen Isard 7p03xyr02 at sneakemail.com
Mon Apr 4 09:07:53 EDT 2016



On Mon, 4 Apr 2016, Manuel Wolfshant wolfy-at-nobugconsulting.ro |Scientific Linux| wrote:

> On 04/02/2016 06:51 PM, Stephen Isard wrote:
>> Wolfy,
>> 
>> I have dropped my fglrx driver and kernel module back to 14.12-1 in order 
>> to get a working version of X.  14.12-1 is vulnerable to the attack 
>> described in CVE-2015-7724,
>> (snip)
> Based on 
> https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2015-7724/ 
> , it does indeed look like the attacker needs to have access ( so as to 
> create the symlinks needed for the exploit to work ). If there are other 
> means of taking advantage of the security bug.. I do not know.

Thanks.  I realize that there are limits to your omniscience :-)

>> By the way, this machine has two monitors attached. Can you see any way in 
>> which that might be relevant to my problem with 15.12-1? 
> AFAIK it should not matter.  To me, your issue looks like a genuine 
> regression in the fglrx code.

The question occurred to me while I was away from the machine.  I have 
now tried disconnecting the second monitor and it makes no difference.

Stephen Isard


More information about the elrepo mailing list