Lucene search

[email protected]CVE-2008-3831

HistoryOct 20, 2008 - 5:59 p.m.

CVE-2008-3831

2008-10-2017:59:00

CWE-399

[email protected]

web.nvd.nist.gov

cve-2008-3831

i915 driver

linux kernel 2.6.24

denial of service

memory corruption

nvd

4.7 Medium

AI Score

Confidence

High

4.7 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

0.0004 Low

EPSS

Percentile

9.3%

JSON

The i915 driver in (1) drivers/char/drm/i915_dma.c in the Linux kernel 2.6.24 on Debian GNU/Linux and (2) sys/dev/pci/drm/i915_drv.c in OpenBSD does not restrict the DRM_I915_HWS_ADDR ioctl to the Direct Rendering Manager (DRM) master, which allows local users to cause a denial of service (memory corruption) via a crafted ioctl call, related to absence of the DRM_MASTER and DRM_ROOT_ONLY flags in the ioctl’s configuration.

CPENameOperatorVersion
linux:linux_kernellinux linux kerneleq2.6.24

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	eq	2.6.24

References

archives.neohapsis.com/archives/openbsd/cvs/2008-10/0365.html

secunia.com/advisories/32315

secunia.com/advisories/32386

secunia.com/advisories/32709

secunia.com/advisories/32918

secunia.com/advisories/33182

secunia.com/advisories/33586

security.debian.org/pool/updates/main/l/linux-2.6.24/linux-2.6.24_2.6.24-6~etchnhalf.6.diff.gz

securitytracker.com/id?1021065

sunsolve.sun.com/search/document.do?assetkey=1-26-245846-1

wiki.rpath.com/Advisories:rPSA-2008-0316

wiki.rpath.com/wiki/Advisories:rPSA-2008-0316

www.debian.org/security/2008/dsa-1655

www.mandriva.com/security/advisories?name=MDVSA-2008:224

www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/drm/i915_drv.c

www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/drm/i915_drv.c.diff?r1=1.7%3Br2=1.8

www.redhat.com/support/errata/RHSA-2008-1017.html

www.redhat.com/support/errata/RHSA-2009-0009.html

www.securityfocus.com/archive/1/498285/100/0/threaded

www.securityfocus.com/bid/31792

www.ubuntu.com/usn/usn-659-1

www.ubuntu.com/usn/usn-679-1

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11542

www.redhat.com/archives/fedora-package-announce/2008-October/msg00689.html

www.redhat.com/archives/fedora-package-announce/2008-October/msg00693.html

4.7 Medium

AI Score

Confidence

High

4.7 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:N/I:N/A:C

0.0004 Low

EPSS

Percentile

9.3%

JSON

Related for CVE-2008-3831

ubuntucve1 prion1 seebug1 veracode1 openvas22 nessus11 redhat2 centos1 oraclelinux2 securityvulns2 osv1 debian1 fedora6 suse1 ubuntu2