CVE-2010-2962

drivers/gpu/drm/i915/i915_gem.c in the Graphics Execution Manager (GEM) in the Intel i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.36 does not properly validate pointers to blocks of memory, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via crafted use of the ioctl interface, related to (1) pwrite and (2) pread operations.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
canonicalCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 31%
VendorProductVersion
linuxlinux_kernel
𝑥
< 2.6.36
opensuseopensuse
11.3
canonicalubuntu_linux
9.10
canonicalubuntu_linux
10.04
canonicalubuntu_linux
10.10
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
linux
maverick
not-affected
lucid
Fixed 2.6.32-27.49
released
karmic
Fixed 2.6.31-22.70
released
jaunty
ignored
hardy
not-affected
dapper
dne
linux-ec2
maverick
ignored
lucid
Fixed 2.6.32-311.23
released
karmic
Fixed 2.6.31-307.23
released
hardy
dne
dapper
dne
linux-fsl-imx51
maverick
dne
lucid
Fixed 2.6.31-608.22
released
karmic
Fixed 2.6.31-112.30
released
hardy
dne
dapper
dne
linux-lts-backport-maverick
maverick
dne
lucid
Fixed 2.6.35-25.44~lucid1
released
karmic
dne
hardy
dne
dapper
dne
linux-mvl-dove
maverick
Fixed 2.6.32-416.33
released
lucid
Fixed 2.6.32-216.33
released
karmic
ignored
hardy
dne
dapper
dne
linux-source-2.6.15
maverick
dne
lucid
dne
karmic
dne
jaunty
dne
hardy
dne
dapper
not-affected
linux-ti-omap4
maverick
Fixed 2.6.35-903.22
released
lucid
dne
karmic
dne
hardy
dne
dapper
dne
Common Weakness Enumeration
References
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ce9d419dbecc292cc3e06e8b1d6d123d3fa813a4
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
http://secunia.com/advisories/42745
http://secunia.com/advisories/42758
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36
http://www.redhat.com/support/errata/RHSA-2010-0842.html
http://www.redhat.com/support/errata/RHSA-2010-0958.html
http://www.securityfocus.com/bid/44067
http://www.ubuntu.com/usn/USN-1041-1
http://www.vupen.com/english/advisories/2010/3321
http://www.vupen.com/english/advisories/2011/0070
http://www.vupen.com/english/advisories/2011/0298
https://bugzilla.redhat.com/show_bug.cgi?id=637688
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ce9d419dbecc292cc3e06e8b1d6d123d3fa813a4
http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
http://secunia.com/advisories/42745
http://secunia.com/advisories/42758
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36
http://www.redhat.com/support/errata/RHSA-2010-0842.html
http://www.redhat.com/support/errata/RHSA-2010-0958.html
http://www.securityfocus.com/bid/44067
http://www.ubuntu.com/usn/USN-1041-1
http://www.vupen.com/english/advisories/2010/3321
http://www.vupen.com/english/advisories/2011/0070
http://www.vupen.com/english/advisories/2011/0298
https://bugzilla.redhat.com/show_bug.cgi?id=637688