CVE-2010-2803
6.8 Medium
AI Score
Confidence
High
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
12.3%
The drm_ioctl function in drivers/gpu/drm/drm_drv.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows local users to obtain potentially sensitive information from kernel memory by requesting a large memory-allocation amount.
References
git.kernel.org/?p=linux/kernel/git/airlied/drm-2.6.git%3Ba=commit%3Bh=1b2f1489633888d4a06028315dc19d65768a1c05
git.kernel.org/?p=linux/kernel/git/airlied/drm-2.6.git%3Ba=commit%3Bh=b9f0aee83335db1f3915f4e42a5e21b351740afd
git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b9f0aee83335db1f3915f4e42a5e21b351740afd
lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html
lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html
lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html
lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html
secunia.com/advisories/41512
www.debian.org/security/2010/dsa-2094
www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.53
www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.21
www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34.6
www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.4
www.mandriva.com/security/advisories?name=MDVSA-2010:198
www.redhat.com/support/errata/RHSA-2010-0842.html
www.vupen.com/english/advisories/2010/2430
www.vupen.com/english/advisories/2011/0298
bugzilla.redhat.com/show_bug.cgi?id=621435
Related
6.8 Medium
AI Score
Confidence
High
1.9 Low
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:N/A:N
0.0004 Low
EPSS
Percentile
12.3%