Lucene search

[email protected]CVE-2008-3831

HistoryOct 20, 2008 - 5:59 p.m.

CVE-2008-3831

2008-10-2017:59:26

CWE-399

[email protected]

web.nvd.nist.gov

cve-2008-3831

i915 driver

linux kernel 2.6.24

denial of service

memory corruption

nvd

4.7 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

4.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.1%

JSON

The i915 driver in (1) drivers/char/drm/i915_dma.c in the Linux kernel 2.6.24 on Debian GNU/Linux and (2) sys/dev/pci/drm/i915_drv.c in OpenBSD does not restrict the DRM_I915_HWS_ADDR ioctl to the Direct Rendering Manager (DRM) master, which allows local users to cause a denial of service (memory corruption) via a crafted ioctl call, related to absence of the DRM_MASTER and DRM_ROOT_ONLY flags in the ioctl’s configuration.

Affected configurations

NVD

Node

linuxlinux_kernelMatch2.6.24

AND

debianlinux

openbsdlinux

CPENameOperatorVersion
linux:linux_kernellinux linux kerneleq2.6.24

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	eq	2.6.24

References

archives.neohapsis.com/archives/openbsd/cvs/2008-10/0365.html

secunia.com/advisories/32315

secunia.com/advisories/32386

secunia.com/advisories/32709

secunia.com/advisories/32918

secunia.com/advisories/33182

secunia.com/advisories/33586

security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24-6~etchnhalf.6.diff.gz

securitytracker.com/id?1021065

sunsolve.sun.com/search/document.do?assetkey=1-26-245846-1

wiki.rpath.com/Advisories:rPSA-2008-0316

wiki.rpath.com/wiki/Advisories:rPSA-2008-0316

www.debian.org/security/2008/dsa-1655

www.mandriva.com/security/advisories?name=MDVSA-2008:224

www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/drm/i915_drv.c

www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/drm/i915_drv.c.diff?r1=1.7%3Br2=1.8

www.redhat.com/support/errata/RHSA-2008-1017.html

www.redhat.com/support/errata/RHSA-2009-0009.html

www.securityfocus.com/archive/1/498285/100/0/threaded

www.securityfocus.com/bid/31792

www.ubuntu.com/usn/usn-659-1

www.ubuntu.com/usn/usn-679-1

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11542

www.redhat.com/archives/fedora-package-announce/2008-October/msg00689.html

www.redhat.com/archives/fedora-package-announce/2008-October/msg00693.html

4.7 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

4.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.1%

JSON

Related for CVE-2008-3831

ubuntucve1 cvelist1 nvd1 seebug1 prion1 veracode1 openvas28 nessus11 centos1 redhat2 oraclelinux2 securityvulns2 osv1 debian1 fedora6 suse1 ubuntu2