Vulnerability Description
Integer overflow in the i915_gem_execbuffer2 function in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.3.5 on 32-bit platforms allows local users to cause a denial of service (out-of-bounds write) or possibly have unspecified other impact via a crafted ioctl call.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | <= 3.3.4 |
References
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=
- http://marc.info/?l=bugtraq&m=139447903326211&w=2
- http://rhn.redhat.com/errata/RHSA-2012-1156.html
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.3.5
- http://www.openwall.com/lists/oss-security/2012/05/22/8
- http://www.securityfocus.com/bid/53971
- https://bugzilla.redhat.com/show_bug.cgi?id=824176
- https://github.com/torvalds/linux/commit/ed8cd3b2cd61004cab85380c52b1817aca1ca49 (Exploit, Patch)
FAQ
What is CVE-2012-2383?
CVE-2012-2383 is a vulnerability with a CVSS score of 4.9 (MEDIUM). Integer overflow in the i915_gem_execbuffer2 function in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.3.5 on 32-bit platforms...
How severe is CVE-2012-2383?
CVE-2012-2383 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-2383?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Kernel (vendor: Linux).