Heap-based buffer overflow in Linux kernel - CVE-2013-0913

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in Integer overflow in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel through 3.8.3, as used in Google Chrome OS before 25.0.1364.173 and other products,. A remote attacker can use a crafted application that triggers many relocation copies to trigger heap-based buffer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to mitigate CVE-2013-0913

Sources

• http://git.chromium.org/gitweb/?p=chromiumos/third_party/kernel.git;a=commit;h=c79efdf2b7f68f985922a8272d64269ecd490477
• http://googlechromereleases.blogspot.com/2013/03/stable-channel-update-for-chrome-os_15.html
• http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html
• http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html
• http://openwall.com/lists/oss-security/2013/03/11/6
• http://openwall.com/lists/oss-security/2013/03/13/9
• http://openwall.com/lists/oss-security/2013/03/14/22
• http://rhn.redhat.com/errata/RHSA-2013-0744.html
• http://www.ubuntu.com/usn/USN-1809-1
• http://www.ubuntu.com/usn/USN-1811-1
• http://www.ubuntu.com/usn/USN-1812-1
• http://www.ubuntu.com/usn/USN-1813-1
• http://www.ubuntu.com/usn/USN-1814-1
• https://bugzilla.redhat.com/show_bug.cgi?id=920471
• https://code.google.com/p/chromium-os/issues/detail?id=39733
• https://gerrit.chromium.org/gerrit/45118
• https://lkml.org/lkml/2013/3/11/501