blob: 24883f4b30d7f34967ef19d1a68dd2a390e14bb9 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
|
Candidate: CVE-2007-3851
References:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=21f16289270447673a7263ccc0b22d562fb01ecb
Description:
The drm/i915 component in the Linux kernel before 2.6.22.2, when used
with i965G and later chipsets, allows local users with access to an
X11 session and Direct Rendering Manager (DRM) to write to arbitrary
memory locations and gain privileges via a crafted batchbuffer.
Ubuntu-Description:
The Direct Rendering Manager for the i915 driver could be made to write
to arbitrary memory locations. An attacker with access to a running X11
session could send a specially crafted buffer and gain root privileges.
Notes:
jmm> Code was introduced after 2.6.18, but backported to Etch
Bugs:
upstream: released (2.6.22.2)
linux-2.6: released (2.6.22-4)
2.6.18-etch-security: released (2.6.18.dfsg.1-13etch1) [bugfix/i965-secure-batchbuffer.patch]
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
2.6.15-dapper-security: N/A
2.6.17-edgy-security: released (2.6.17.1-12.40) [cc8e06db0f30d589b1bc6d164fadb28631f638b1]
2.6.20-feisty-security: released (2.6.20-16.31) [d475e30926c7d8337bc3008f42cae01da740ee12]
|