CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
5.1%
An issue where a provided address with access_ok() is not checked was
discovered in i915_gem_execbuffer2_ioctl in
drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through
4.19.13. A local attacker can craft a malicious IOCTL function call to
overwrite arbitrary kernel memory, resulting in a Denial of Service or
privilege escalation.
Author | Note |
---|---|
tyhicks | Only the i915_gem_execbuffer2_ioctl() changes are technically needed for this CVE. It would be ideal to audit the callers of the other changed functions in the fix commit. This CVE is being disputed. See the oss-security emails on 2019-02-07 for details. |
sbeattie | while this specific ioctl may or may not be vulnerable, the fix is generic aenough to possibly block other vulnerabilities. |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | linux | < 4.15.0-115.116 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-aws | < 4.15.0-1080.84 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-aws-hwe | < 4.15.0-1080.84~16.04.1 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-azure | < 5.0.0-1014.14~18.04.1 | UNKNOWN |
ubuntu | 14.04 | noarch | linux-azure | < 4.15.0-1093.103~14.04.1 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-azure | < 4.15.0-1093.103~16.04.1 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-azure-4.15 | < 4.15.0-1093.103 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-azure-edge | < 5.0.0-1014.14~18.04.1 | UNKNOWN |
ubuntu | 18.04 | noarch | linux-gcp | < 5.0.0-1020.20~18.04.1 | UNKNOWN |
ubuntu | 16.04 | noarch | linux-gcp | < 4.15.0-1081.92~16.04.1 | UNKNOWN |
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
5.1%