Lucene search

K

[email protected]NVD:CVE-2008-3831

HistoryOct 20, 2008 - 5:59 p.m.

CVE-2008-3831

2008-10-2017:59:26

CWE-399

[email protected]

web.nvd.nist.gov

1

4.7 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

4.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.1%

The i915 driver in (1) drivers/char/drm/i915_dma.c in the Linux kernel 2.6.24 on Debian GNU/Linux and (2) sys/dev/pci/drm/i915_drv.c in OpenBSD does not restrict the DRM_I915_HWS_ADDR ioctl to the Direct Rendering Manager (DRM) master, which allows local users to cause a denial of service (memory corruption) via a crafted ioctl call, related to absence of the DRM_MASTER and DRM_ROOT_ONLY flags in the ioctl’s configuration.

Affected configurations

NVD

Node

linuxlinux_kernelMatch2.6.24

AND

debianlinux

OR

openbsdlinux

References

archives.neohapsis.com/archives/openbsd/cvs/2008-10/0365.html

secunia.com/advisories/32315

secunia.com/advisories/32386

secunia.com/advisories/32709

secunia.com/advisories/32918

secunia.com/advisories/33182

secunia.com/advisories/33586

security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24-6~etchnhalf.6.diff.gz

securitytracker.com/id?1021065

sunsolve.sun.com/search/document.do?assetkey=1-26-245846-1

wiki.rpath.com/Advisories:rPSA-2008-0316

wiki.rpath.com/wiki/Advisories:rPSA-2008-0316

www.debian.org/security/2008/dsa-1655

www.mandriva.com/security/advisories?name=MDVSA-2008:224

www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/drm/i915_drv.c

www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/drm/i915_drv.c.diff?r1=1.7%3Br2=1.8

www.redhat.com/support/errata/RHSA-2008-1017.html

www.redhat.com/support/errata/RHSA-2009-0009.html

www.securityfocus.com/archive/1/498285/100/0/threaded

www.securityfocus.com/bid/31792

www.ubuntu.com/usn/usn-659-1

www.ubuntu.com/usn/usn-679-1

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11542

www.redhat.com/archives/fedora-package-announce/2008-October/msg00689.html

www.redhat.com/archives/fedora-package-announce/2008-October/msg00693.html

4.7 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

4.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

10.1%

Related for NVD:CVE-2008-3831

ubuntucve1 cvelist1 cve1 seebug1 prion1 veracode1 openvas28 nessus11 centos1 redhat2 oraclelinux2 securityvulns2 osv1 debian1 fedora6 suse1 ubuntu2