CVE-2010-2962

Sažetak

drivers/gpu/drm/i915/i915_gem.c in the Graphics Execution Manager (GEM) in the Intel i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.36 does not properly validate pointers to blocks of memory, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via crafted use of the ioctl interface, related to (1) pwrite and (2) pread operations.

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=637688
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html
http://www.redhat.com/support/errata/RHSA-2010-0842.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html
http://www.vupen.com/english/advisories/2010/3321
http://secunia.com/advisories/42745
http://www.redhat.com/support/errata/RHSA-2010-0958.html
http://secunia.com/advisories/42758
http://www.securityfocus.com/bid/44067
http://www.ubuntu.com/usn/USN-1041-1
http://www.vupen.com/english/advisories/2011/0070
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
http://www.vupen.com/english/advisories/2011/0298
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ce9d419dbecc292cc3e06e8b1d6d123d3fa813a4

CVSS

Base:	7.2
Impact:	10.0
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	COMPLETE	COMPLETE

CVSS vektor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Zadnje važnije ažuriranje

07-11-2023 - 02:05

Objavljeno

26-11-2010 - 19:00