Orange Business Services

vulnerability alert CVE-2009-1763

Solaris: memory corruption via sdhost

Synthesis of the vulnerability

An attacker can use an SD memory card to corrupt the memory of the Solaris kernel.
Severity: 2/4.
Creation date: 22/05/2009.

Description of the vulnerability

An SD memory card is used, for example, in a camera. Some x86 computers have an SD slot for connecting these cards. The sdhost driver of Solaris (usr/src/uts/common/io/sdcard/adapters/sdhost/sdhost.c) implements support for these memory cards.

The Ricoh R5C822 adapter requires non-standard DMA (Direct Memory Access) parameters. The parameters used in sdhost.c incorrectly define the memory area. An attacker can then directly access kernel memory.

A local attacker can thus alter a memory area in order to elevate his privileges.

Characteristics

Title: Solaris: memory corruption via sdhost.
Keywords: Access DMA Direct Memory R5C822 Ricoh Solaris corruption memory sdhost x86.
Identifiers: 259408, 6797937, BID-35069, CVE-2009-1763, VIGILANCE-VUL-8731.

Information sources

Publications and announcements
Source example: A Security Vulnerability in the Solaris Secure Digital Slot Driver (sdhost(7D)) May Allow Corruption of Kernel Memory and Memory Card Contents

Solutions for this vulnerability

Patch or workaround

This bulletin is published by the Vigil@nce team, which tracks computer vulnerabilities impacting systems and applications.
France Télécom Copyright 1999-2010 Vigil@nce. Vigil@nce is a service from Orange Business Services.