SB2007081301 - Resource management errors in Linux kernel
Published: August 13, 2007
Security Bulletin ID
SB2007081301
CSH Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Resource management errors (CVE-ID: CVE-2007-3851)
CWE-ID: CWE-399 - Resource Management Errors
CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
The vulnerability allows a local user to execute arbitrary code.
The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users with access to an X11 session and Direct Rendering Manager (DRM) to write to arbitrary memory locations and gain privileges via a crafted batchbuffer.
Remediation
Install update from vendor's website.
References
- http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.2
- http://secunia.com/advisories/26389
- http://secunia.com/advisories/26450
- http://secunia.com/advisories/26500
- http://secunia.com/advisories/26643
- http://secunia.com/advisories/26664
- http://secunia.com/advisories/26760
- http://secunia.com/advisories/27227
- http://www.debian.org/security/2007/dsa-1356
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:105
- http://www.novell.com/linux/security/advisories/2007_51_kernel.html
- http://www.novell.com/linux/security/advisories/2007_53_kernel.html
- http://www.redhat.com/support/errata/RHSA-2007-0705.html
- http://www.securityfocus.com/bid/25263
- http://www.ubuntu.com/usn/usn-509-1
- http://www.ubuntu.com/usn/usn-510-1
- http://www.vupen.com/english/advisories/2007/2854
- https://issues.rpath.com/browse/RPL-1620
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11196