#VU45289 Input validation error in Linux kernel - CVE-2011-1016
Published: February 28, 2011 / Updated: August 11, 2020
Vulnerability identifier: #VU45289
Vulnerability risk: High
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2011-1016
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The Radeon GPU drivers in the Linux kernel before 2.6.38-rc5 do not properly validate data related to the AA resolve registers, which allows local users to write to arbitrary memory locations associated with (1) Video RAM (aka VRAM) or (2) the Graphics Translation Table (GTT) via crafted values.
Remediation
Install update from vendor's website.
External links
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fff1ce4dc6113b6fdc4e3a815ca5fd229408f8ef
- http://openwall.com/lists/oss-security/2011/02/24/11
- http://openwall.com/lists/oss-security/2011/02/24/3
- http://openwall.com/lists/oss-security/2011/02/25/4
- http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.38-rc5
- http://www.securityfocus.com/bid/46557
- https://bugzilla.redhat.com/show_bug.cgi?id=680000
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65691