CVE-2008-3831

Published: 20/10/2008 Updated: 13/02/2023
CVSS v2 Base Score: 4.7 | Impact Score: 6.9 | Exploitability Score: 3.4
VMScore: 418
Vector: AV:L/AC:M/Au:N/C:N/I:N/A:C

Vulnerability Summary

The i915 driver in (1) drivers/char/drm/i915_dma.c in the Linux kernel 2.6.24 on Debian GNU/Linux and (2) sys/dev/pci/drm/i915_drv.c in OpenBSD does not restrict the DRM_I915_HWS_ADDR ioctl to the Direct Rendering Manager (DRM) master, which allows local users to cause a denial of service (memory corruption) via a crafted ioctl call, related to absence of the DRM_MASTER and DRM_ROOT_ONLY flags in the ioctl's configuration.

Vulnerable Product

linux linux_kernel 2.6.24

Vendor Advisories

Synopsis: Important: kernel security and bug fix update. Type/Severity: Security Advisory: Important. Topic: Updated kernel packages that fix several security issues and several bugs are now available for Red Hat Enterprise MRG 1.0. This update has been rated as having important security impact by the Red Hat Secur ...
Synopsis: Important: kernel security and bug fix update. Type/Severity: Security Advisory: Important. Topic: Updated kernel packages that resolve several security issues and fix various bugs are now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red H ...
Several vulnerabilities have been discovered in the Linux kernel that may lead to a denial of service, privilege escalation or a leak of sensitive data. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-1514: Jan Kratochvil reported a local denial of service vulnerability in the ptrace interface fo ...
It was discovered that the direct-IO subsystem did not correctly validate certain structures. A local attacker could exploit this to cause a system crash, leading to a denial of service (CVE-2007-6716) ...
It was discovered that the Xen hypervisor block driver did not correctly validate requests. A user with root privileges in a guest OS could make a malicious IO request with a large number of blocks that would crash the host OS, leading to a denial of service. This only affected Ubuntu 7.10 (CVE-2007-5498) ...

References

CWE-399
http://security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24-6~etchnhalf.6.diff.gz
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/drm/i915_drv.c
http://securitytracker.com/id?1021065
http://archives.neohapsis.com/archives/openbsd/cvs/2008-10/0365.html
http://www.securityfocus.com/bid/31792
http://www.debian.org/security/2008/dsa-1655
http://www.ubuntu.com/usn/usn-659-1
http://secunia.com/advisories/32386
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00693.html
https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00689.html
http://www.mandriva.com/security/advisories?name=MDVSA-2008:224
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0316
http://secunia.com/advisories/32709
http://www.ubuntu.com/usn/usn-679-1
http://secunia.com/advisories/32918
http://wiki.rpath.com/Advisories:rPSA-2008-0316
http://www.redhat.com/support/errata/RHSA-2008-1017.html
http://secunia.com/advisories/33182
http://www.redhat.com/support/errata/RHSA-2009-0009.html
http://secunia.com/advisories/33586
http://sunsolve.sun.com/search/document.do?assetkey=1-26-245846-1
http://secunia.com/advisories/32315
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11542
http://www.securityfocus.com/archive/1/498285/100/0/threaded
http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/drm/i915_drv.c.diff?r1=1.7%3Br2=1.8
https://access.redhat.com/errata/RHSA-2009:0009
https://www.debian.org/security/./dsa-1655
https://nvd.nist.gov
https://usn.ubuntu.com/659-1/