Information disclosure in Linux kernel - CVE-2010-2803

Detailed vulnerability description

The vulnerability allows a local user to gain access to sensitive information.

The drm_ioctl function in drivers/gpu/drm/drm_drv.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows local users to obtain potentially sensitive information from kernel memory by requesting a large memory-allocation amount.

How to mitigate CVE-2010-2803

Sources

• http://git.kernel.org/?p=linux/kernel/git/airlied/drm-2.6.git;a=commit;h=1b2f1489633888d4a06028315dc...
• http://git.kernel.org/?p=linux/kernel/git/airlied/drm-2.6.git;a=commit;h=b9f0aee83335db1f3915f4e42a5...
• http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b9f0aee83335db1f3915f4e4...
• http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html
• http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html
• http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html
• http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
• http://secunia.com/advisories/41512
• http://www.debian.org/security/2010/dsa-2094
• http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.53
• http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.21
• http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34.6
• http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.4
• http://www.mandriva.com/security/advisories?name=MDVSA-2010:198
• http://www.redhat.com/support/errata/RHSA-2010-0842.html
• http://www.vupen.com/english/advisories/2010/2430
• http://www.vupen.com/english/advisories/2011/0298
• https://bugzilla.redhat.com/show_bug.cgi?id=621435