The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users with access to an X11 session and Direct Rendering Manager (DRM) to write to arbitrary memory locations and gain privileges via a crafted batchbuffer.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Linux_kernel | Linux | * | 2.6.22.1 (including) |
| Red Hat Enterprise Linux 5 | RedHat | kernel-0:2.6.18-8.1.10.el5 | * |
| Linux-source-2.6.17 | Ubuntu | edgy | * |
| Linux-source-2.6.20 | Ubuntu | feisty | * |
| Linux-source-2.6.22 | Ubuntu | devel | * |
References
- http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.2
- http://secunia.com/advisories/26389
- http://secunia.com/advisories/26450
- http://secunia.com/advisories/26500
- http://secunia.com/advisories/26643
- http://secunia.com/advisories/26664
- http://secunia.com/advisories/26760
- http://secunia.com/advisories/27227
- http://www.debian.org/security/2007/dsa-1356
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:105
- http://www.novell.com/linux/security/advisories/2007_51_kernel.html
- http://www.novell.com/linux/security/advisories/2007_53_kernel.html
- http://www.redhat.com/support/errata/RHSA-2007-0705.html
- http://www.securityfocus.com/bid/25263
- http://www.ubuntu.com/usn/usn-509-1
- http://www.ubuntu.com/usn/usn-510-1
- http://www.vupen.com/english/advisories/2007/2854
- https://issues.rpath.com/browse/RPL-1620
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11196
- http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.2
- http://secunia.com/advisories/26389
- http://secunia.com/advisories/26450
- http://secunia.com/advisories/26500
- http://secunia.com/advisories/26643
- http://secunia.com/advisories/26664
- http://secunia.com/advisories/26760
- http://secunia.com/advisories/27227
- http://www.debian.org/security/2007/dsa-1356
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:105
- http://www.novell.com/linux/security/advisories/2007_51_kernel.html
- http://www.novell.com/linux/security/advisories/2007_53_kernel.html
- http://www.redhat.com/support/errata/RHSA-2007-0705.html
- http://www.securityfocus.com/bid/25263
- http://www.ubuntu.com/usn/usn-509-1
- http://www.ubuntu.com/usn/usn-510-1
- http://www.vupen.com/english/advisories/2007/2854
- https://issues.rpath.com/browse/RPL-1620
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11196