Input validation error in Linux kernel - CVE-2011-1016
Published: February 28, 2011 / Updated: August 11, 2020
Vulnerability identifier: #VU45289
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2011-1016
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
The Radeon GPU drivers in the Linux kernel before 2.6.38-rc5 do not properly validate data related to the AA resolve registers, which allows local users to write to arbitrary memory locations associated with (1) Video RAM (aka VRAM) or (2) the Graphics Translation Table (GTT) via crafted values.
How to mitigate CVE-2011-1016
Install update from vendor's website.
Sources
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fff1ce4dc6113b6fdc4e3a815ca5fd229408f8ef
- http://openwall.com/lists/oss-security/2011/02/24/11
- http://openwall.com/lists/oss-security/2011/02/24/3
- http://openwall.com/lists/oss-security/2011/02/25/4
- http://www.kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.38-rc5
- http://www.securityfocus.com/bid/46557
- https://bugzilla.redhat.com/show_bug.cgi?id=680000
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65691