CVE-2008-3831 - Secunia Advisories - Vulnerability Information

CVE Reference: CVE-2008-3831
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia or the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE: CVE-2008-3831

Description: The i915 driver in (1) drivers/char/drm/i915_dma.c in the Linux kernel 2.6.24 on Debian GNU/Linux and (2) sys/dev/pci/drm/i915_drv.c in OpenBSD does not restrict the DRM_I915_HWS_ADDR ioctl to the Direct Rendering Manager (DRM) master, which allows local users to cause a denial of service (memory corruption) via a crafted ioctl call, related to absence of the DRM_MASTER and DRM_ROOT_ONLY flags in the ioctl's configuration.

CVE Status: Candidate

References: UBUNTU http://www.ubuntu.com/usn/usn-679-1 http://www.ubuntu.com/usn/usn-659-1 SUNALERT http://sunsolve.sun.com/search/document.do?assetkey=1-26-245846-1 ST 1021065 SAID Secunia Advisory: SA32386 Secunia Advisory: SA32709 Secunia Advisory: SA32918 Secunia Advisory: SA33182 Secunia Advisory: SA33586 REDHAT http://www.redhat.com/support/errata/RHSA-2009-0009.html http://www.redhat.com/support/errata/RHSA-2008-1017.html MLIST http://archives.neohapsis.com/archives/openbsd/cvs/2008-10/0365.html MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2008:224 FEDORA DEBIAN http://www.debian.org/security/2008/dsa-1655 CONFIRM http://wiki.rpath.com/Advisories:rPSA-2008-0316 http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/drm/i915_drv.c.diff?r1=1.7;r2=1.8 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0316 http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/drm/i915_drv.c http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24-6~etchnhalf.6.diff.gz BUGTRAQ http://www.securityfocus.com/archive/1/archive/1/498285/100/0/threaded BID 31792

Return to the previous page.