Vulnerability Description
drivers/gpu/drm/i915/i915_gem.c in the Graphics Execution Manager (GEM) in the Intel i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.36 does not properly validate pointers to blocks of memory, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via crafted use of the ioctl interface, related to (1) pwrite and (2) pread operations.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | < 2.6.36 |
| Fedoraproject | Fedora | 13 |
| Opensuse | Opensuse | 11.3 |
| Suse | Linux Enterprise Desktop | 11 |
| Suse | Linux Enterprise Real Time Extension | 11 |
| Suse | Linux Enterprise Server | 11 |
| Canonical | Ubuntu Linux | 9.10 |
References
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=
- http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.h (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html (Mailing List, Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00004.html (Mailing List, Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html (Mailing List, Third Party Advisory)
- http://secunia.com/advisories/42745 (Third Party Advisory)
- http://secunia.com/advisories/42758 (Third Party Advisory)
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36 (Broken Link)
- http://www.redhat.com/support/errata/RHSA-2010-0842.html (Third Party Advisory)
- http://www.redhat.com/support/errata/RHSA-2010-0958.html (Third Party Advisory)
- http://www.securityfocus.com/bid/44067 (Third Party Advisory, VDB Entry)
- http://www.ubuntu.com/usn/USN-1041-1 (Third Party Advisory)
- http://www.vupen.com/english/advisories/2010/3321 (Third Party Advisory)
- http://www.vupen.com/english/advisories/2011/0070 (Third Party Advisory)
- http://www.vupen.com/english/advisories/2011/0298 (Third Party Advisory)
FAQ
What is CVE-2010-2962?
CVE-2010-2962 is a vulnerability with a CVSS score of 7.2 (HIGH). drivers/gpu/drm/i915/i915_gem.c in the Graphics Execution Manager (GEM) in the Intel i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.36 does not properly val...
How severe is CVE-2010-2962?
CVE-2010-2962 has been rated HIGH, with a CVSS base score of 7.2/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2010-2962?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel, Fedoraproject Fedora, Opensuse Opensuse, Suse Linux Enterprise Desktop, Suse Linux Enterprise Real Time Extension.