Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2010-2962

Published: 26 November 2010

drivers/gpu/drm/i915/i915_gem.c in the Graphics Execution Manager (GEM) in the Intel i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.36 does not properly validate pointers to blocks of memory, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via crafted use of the ioctl interface, related to (1) pwrite and (2) pread operations.

From the Ubuntu Security Team

Kees Cook discovered that the Intel i915 graphics driver did not correctly validate memory regions. A local attacker with access to the video card could read and write arbitrary kernel memory to gain root privileges.

Notes

AuthorNote
kees
jaunty's code is a bit different, but at least half looks to still apply.

Priority

Medium

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Not vulnerable

jaunty Ignored
(end of life)
karmic
Released (2.6.31-22.70)
lucid
Released (2.6.32-27.49)
maverick Not vulnerable

upstream
Released (2.6.36~rc7)
Patches:
upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=ce9d419dbecc292cc3e06e8b1d6d123d3fa813a4
upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=7dcd2499deab8f10011713c40bc2f309c9b65077
karmic: http://chinstrap.ubuntu.com/~ogasawara/CVEs/CVE-2010-2962/patches/karmic/linux/0001-drm-i915-Sanity-check-pread-pwrite.txt
karmic: http://chinstrap.ubuntu.com/~ogasawara/CVEs/CVE-2010-2962/patches/karmic/linux/0002-drm-i915-Rephrase-pwrite-bounds-checking-to-avoid-any-.txt
lucid: http://chinstrap.ubuntu.com/~ogasawara/CVEs/CVE-2010-2962/patches/lucid/linux/0001-drm-i915-Sanity-check-pread-pwrite.txt
lucid: http://chinstrap.ubuntu.com/~ogasawara/CVEs/CVE-2010-2962/patches/lucid/linux/0002-drm-i915-Rephrase-pwrite-bounds-checking-to-avoid-any-.txt
linux-ec2
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

karmic
Released (2.6.31-307.23)
lucid
Released (2.6.32-311.23)
maverick Ignored
(end of life)
upstream
Released (2.6.36~rc7)
linux-fsl-imx51
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

karmic
Released (2.6.31-112.30)
lucid
Released (2.6.31-608.22)
maverick Does not exist

upstream
Released (2.6.36~rc7)
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

karmic Does not exist

lucid
Released (2.6.35-25.44~lucid1)
maverick Does not exist

upstream
Released (2.6.36~rc7)
linux-mvl-dove
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

karmic Ignored
(end of life)
lucid
Released (2.6.32-216.33)
maverick
Released (2.6.32-416.33)
upstream
Released (2.6.36~rc7)
linux-source-2.6.15
Launchpad, Ubuntu, Debian
dapper Not vulnerable

hardy Does not exist

jaunty Does not exist

karmic Does not exist

lucid Does not exist

maverick Does not exist

upstream
Released (2.6.36~rc7)
linux-ti-omap4
Launchpad, Ubuntu, Debian
dapper Does not exist

hardy Does not exist

karmic Does not exist

lucid Does not exist

maverick
Released (2.6.35-903.22)
upstream
Released (2.6.36~rc7)