diff options
author | Kees Cook <kees@outflux.net> | 2007-08-31 18:18:07 +0000 |
---|---|---|
committer | Kees Cook <kees@outflux.net> | 2007-08-31 18:18:07 +0000 |
commit | b8ebb0ef35d4a1636320467b58b83002e4670ed7 (patch) | |
tree | 7846c476b30e5554ebe59b153607636d9d6eccd1 /retired/CVE-2007-3851 | |
parent | 9fc54c900258773b07f2bb7e17fc557db96bef27 (diff) |
retiring inactive CVEs
git-svn-id: svn+ssh://svn.debian.org/svn/kernel-sec@939 e094ebfe-e918-0410-adfb-c712417f3574
Diffstat (limited to 'retired/CVE-2007-3851')
-rw-r--r-- | retired/CVE-2007-3851 | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/retired/CVE-2007-3851 b/retired/CVE-2007-3851 new file mode 100644 index 00000000..16642a96 --- /dev/null +++ b/retired/CVE-2007-3851 @@ -0,0 +1,23 @@ +Candidate: CVE-2007-3851 +References: + http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=21f16289270447673a7263ccc0b22d562fb01ecb +Description: + The drm/i915 component in the Linux kernel before 2.6.22.2, when used + with i965G and later chipsets, allows local users with access to an + X11 session and Direct Rendering Manager (DRM) to write to arbitrary + memory locations and gain privileges via a crafted batchbuffer. +Ubuntu-Description: + The Direct Rendering Manager for the i915 driver could be made to write + to arbitrary memory locations. An attacker with access to a running X11 + session could send a specially crafted buffer and gain root privileges. +Notes: + jmm> Code was introduced after 2.6.18, but backported to Etch +Bugs: +upstream: released (2.6.22.2) +linux-2.6: +2.6.18-etch-security: released (2.6.18.dfsg.1-13etch1) [bugfix/i965-secure-batchbuffer.patch] +2.6.8-sarge-security: N/A +2.4.27-sarge-security: N/A +2.6.15-dapper-security: N/A +2.6.17-edgy-security: released (2.6.17.1-12.40) [cc8e06db0f30d589b1bc6d164fadb28631f638b1] +2.6.20-feisty-security: released (2.6.20-16.31) [d475e30926c7d8337bc3008f42cae01da740ee12] |