1. Home
  2. CVE Database
  3. CVE-2008-3831
MEDIUM · 4.7

CVE-2008-3831

The i915 driver in (1) drivers/char/drm/i915_dma.c in the Linux kernel 2.6.24 on Debian GNU/Linux and (2) sys/dev/pci/drm/i915_drv.c in OpenBSD does not restrict the DRM_I915_HWS_ADDR ioctl to the Dir...

Vulnerability Description

The i915 driver in (1) drivers/char/drm/i915_dma.c in the Linux kernel 2.6.24 on Debian GNU/Linux and (2) sys/dev/pci/drm/i915_drv.c in OpenBSD does not restrict the DRM_I915_HWS_ADDR ioctl to the Direct Rendering Manager (DRM) master, which allows local users to cause a denial of service (memory corruption) via a crafted ioctl call, related to absence of the DRM_MASTER and DRM_ROOT_ONLY flags in the ioctl's configuration.

CVSS Score

4.7

MEDIUM

AV:L/AC:M/Au:N/C:N/I:N/A:C
Confidentiality
NONE
Integrity
NONE
Availability
COMPLETE

Affected Products

VendorProductVersions
LinuxLinux Kernel2.6.24
DebianLinuxAll versions
OpenbsdLinuxAll versions

Related Weaknesses (CWE)

CWE-399

References

FAQ

What is CVE-2008-3831?

CVE-2008-3831 is a vulnerability with a CVSS score of 4.7 (MEDIUM). The i915 driver in (1) drivers/char/drm/i915_dma.c in the Linux kernel 2.6.24 on Debian GNU/Linux and (2) sys/dev/pci/drm/i915_drv.c in OpenBSD does not restrict the DRM_I915_HWS_ADDR ioctl to the Dir...

How severe is CVE-2008-3831?

CVE-2008-3831 has been rated MEDIUM with a CVSS base score of 4.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-3831?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Debian Linux, Openbsd Linux.