Resource management errors in Linux kernel - CVE-2007-3851
Published: August 13, 2007 / Updated: September 29, 2017
Vulnerability identifier: #VU92865
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2007-3851
CWE-ID: CWE-399
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Linux Foundation
Affected software:
Linux kernel
Linux kernel
Detailed vulnerability description
The vulnerability allows a local user to execute arbitrary code.
The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users with access to an X11 session and Direct Rendering Manager (DRM) to write to arbitrary memory locations and gain privileges via a crafted batchbuffer.
How to mitigate CVE-2007-3851
Install update from vendor's repository.
Sources
- http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.2
- http://secunia.com/advisories/26389
- http://secunia.com/advisories/26450
- http://secunia.com/advisories/26500
- http://secunia.com/advisories/26643
- http://secunia.com/advisories/26664
- http://secunia.com/advisories/26760
- http://secunia.com/advisories/27227
- http://www.debian.org/security/2007/dsa-1356
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:105
- http://www.novell.com/linux/security/advisories/2007_51_kernel.html
- http://www.novell.com/linux/security/advisories/2007_53_kernel.html
- http://www.redhat.com/support/errata/RHSA-2007-0705.html
- http://www.securityfocus.com/bid/25263
- http://www.ubuntu.com/usn/usn-509-1
- http://www.ubuntu.com/usn/usn-510-1
- http://www.vupen.com/english/advisories/2007/2854
- https://issues.rpath.com/browse/RPL-1620
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11196