Vulnerabilities > CVE-2011-1070 - Incorrect Authorization vulnerability in multiple products

CVSS 7.8 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

local

low complexity

v86d-project

debian

CWE-863

NVD

Published: 2019-11-14

Updated: 2020-08-18

Summary

v86d before 0.1.10 do not verify if received netlink messages are sent by the kernel. This could allow unprivileged users to manipulate the video mode and potentially other consequences.

Vulnerable Configurations

Part	Description	Count
Application	V86D_Project V86D Project V86D 0.1.1 V86D Project V86D 0.1.2 V86D Project V86D 0.1.3 V86D Project V86D 0.1.7 V86D Project V86D 0.1.8 V86D Project V86D 0.1.9	6
OS	Debian Debian Debian Linux 8.0 Debian Debian Linux 9.0 Debian Debian Linux 10.0	3

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://security-tracker.debian.org/tracker/CVE-2011-1070
https://seclists.org/oss-sec/2011/q1/315
https://access.redhat.com/security/cve/cve-2011-1070