Candidate: CVE-2007-3851
References:
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=21f16289270447673a7263ccc0b22d562fb01ecb
Description:
The drm/i915 component in the Linux kernel before 2.6.22.2, when used
with i965G and later chipsets, allows local users with access to an
X11 session and Direct Rendering Manager (DRM) to write to arbitrary
memory locations and gain privileges via a crafted batchbuffer.
Ubuntu-Description:
The Direct Rendering Manager for the i915 driver could be made to write
to arbitrary memory locations. An attacker with access to a running X11
session could send a specially crafted buffer and gain root privileges.
Notes:
jmm> Code was introduced after 2.6.18, but backported to Etch
Bugs:
upstream: released (2.6.22.2)
linux-2.6: released (2.6.22-4)
2.6.18-etch-security: released (2.6.18.dfsg.1-13etch1) [bugfix/i965-secure-batchbuffer.patch]
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
2.6.15-dapper-security: N/A
2.6.17-edgy-security: released (2.6.17.1-12.40) [cc8e06db0f30d589b1bc6d164fadb28631f638b1]
2.6.20-feisty-security: released (2.6.20-16.31) [d475e30926c7d8337bc3008f42cae01da740ee12]