CVE-2010-2803
Published: 19 August 2010
The drm_ioctl function in drivers/gpu/drm/drm_drv.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows local users to obtain potentially sensitive information from kernel memory by requesting a large memory-allocation amount.
From the Ubuntu Security Team
Kees Cook discovered that under certain situations the ioctl subsystem for DRM did not properly sanitize its arguments. A local attacker could exploit this to read previously freed kernel memory, leading to a loss of privacy.
Notes
Author | Note |
---|---|
smb | No DRM for Hardy and Dapper. |
Priority
Status
Package | Release | Status |
---|---|---|
linux Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Not vulnerable
|
|
jaunty |
Released
(2.6.28-19.64)
|
|
karmic |
Released
(2.6.31-22.63)
|
|
lucid |
Released
(2.6.32-24.41)
|
|
maverick |
Released
(2.6.35-18.24)
|
|
upstream |
Released
(2.6.35.3)
|
|
Patches: jaunty: http://chinstrap.ubuntu.com/~smb/CVEs/CVE-2010-2803/patches/jaunty/linux/0001-drm-Initialize-ioctl-struct-when-no-user-data-is-prese.txt karmic: http://chinstrap.ubuntu.com/~smb/CVEs/CVE-2010-2803/patches/karmic/linux/0001-drm-Initialize-ioctl-struct-when-no-user-data-is-prese.txt lucid: http://chinstrap.ubuntu.com/~smb/CVEs/CVE-2010-2803/patches/lucid/linux/0001-drm-Initialize-ioctl-struct-when-no-user-data-is-prese.txt |
||
linux-ec2 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
karmic |
Released
(2.6.31-307.17)
|
|
lucid |
Released
(2.6.32-308.15)
|
|
maverick |
Ignored
(end of life)
|
|
upstream |
Needs triage
|
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
karmic |
Released
(2.6.31-112.30)
|
|
lucid |
Released
(2.6.31-608.19)
|
|
maverick |
Does not exist
|
|
upstream |
Needs triage
|
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
karmic |
Released
(2.6.31-214.30)
|
|
lucid |
Released
(2.6.32-208.24)
|
|
maverick |
Not vulnerable
|
|
upstream |
Needs triage
|
|
linux-source-2.6.15 Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
|
hardy |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
upstream |
Not vulnerable
|