Comment 1 Thierry Carrez (RETIRED) 2004-12-15 02:51:47 UTC

CAN-2004-1056:

Thomas Hellström discovered a Denial of Service vulnerability in the Direct
Rendering Manager (DRM) drivers. Due to an insufficient DMA lock checking,
any authorized client could send arbitrary values to the video card, which
could cause an X server crash or modification of the video output.

Comment 2 Donnie Berkholz (RETIRED) 2004-12-15 10:22:11 UTC

Bryan, wanna take a look at this for x11-drm?

Comment 3 Bryan Stine (RETIRED) 2004-12-15 23:30:03 UTC

Fixed in x11-drm 20040827, in patchball 0.2.

Comment 4 Thierry Carrez (RETIRED) 2004-12-16 01:33:01 UTC

Sorry if this question souds stupid, but... I thought this was a kernel issue, but in fact it is a x11-base/x11-drm issue ?

Comment 5 Donnie Berkholz (RETIRED) 2004-12-16 01:44:34 UTC

It's like alsa-drivers: both in-kernel and out-of-kernel versions.

Comment 6 Tim Yamin (RETIRED) 2004-12-21 11:05:58 UTC

Created attachment 46555 [details, diff]
2.4.28 Patch

Comment 7 Tim Yamin (RETIRED) 2004-12-21 11:06:53 UTC

Created attachment 46556 [details, diff]
2.6.7 / 2.6.8.1 Patch

Comment 8 Tim Yamin (RETIRED) 2004-12-21 11:07:13 UTC

Created attachment 46557 [details, diff]
2.6.9 Patch

Comment 9 Donnie Berkholz (RETIRED) 2004-12-21 11:10:39 UTC

Bryan, could you please revision bump x11-drm for this? Just adding the patch to the current ebuild won't fix things for people who already emerged it.

Comment 10 Tim Yamin (RETIRED) 2004-12-23 08:54:58 UTC

Created attachment 46719 [details, diff]
2.4.28 Patch

Comment 11 Tim Yamin (RETIRED) 2004-12-24 16:36:44 UTC

Ok, all patched - the following externally maintained sources still need patching:

gentoo-dev-sources -- Adding dsd...
grsec-sources -- Adding tocharian...
hppa(-dev)-sources -- Adding GMSoft...
mips-sources -- Adding `Kumba...
openmosix-sources -- Adding cluster herd...
pegasos-dev-sources -- Adding dholm...
rsbac(-dev)-sources -- Adding kang...

Comment 12 Tim Yamin (RETIRED) 2004-12-24 16:43:18 UTC

Also applies to sparc-sources; adding Joker...

Comment 13 Christian Birchinger (RETIRED) 2004-12-24 17:20:15 UTC

I don't think this Intel 810/830 DRI/DRM stuff works in a sparc.

Comment 14 Christian Birchinger (RETIRED) 2004-12-24 19:04:32 UTC

Not that i think it's needed but other security holes needed a new release anyway.
Fixed sparc-sources-2.4.28-r3 released.

Comment 15 David Holm (RETIRED) 2004-12-25 05:30:25 UTC

pegasos-dev-sources fixed, although I don't know of any ppc hardware that use Intel GPUs

Comment 16 Adam Mondl (RETIRED) 2004-12-25 05:33:49 UTC

grsec-sources-2.4.28.2.0.2-r3 fixed

Comment 17 Daniel Drake (RETIRED) 2004-12-25 17:54:20 UTC

gentoo-dev-sources done (both 2.6.9 and 2.6.10)

Comment 18 Konstantin Arkhipov (RETIRED) 2004-12-27 01:21:25 UTC

done in oM6-sources

Comment 19 Guy Martin (RETIRED) 2004-12-27 06:26:04 UTC

2.4 is dropped on hppa and I've patched 2.6.10-pa1.

Comment 20 Donnie Berkholz (RETIRED) 2005-01-02 12:22:41 UTC

https://bugs.freedesktop.org/show_bug.cgi?id=1803 is the upstream bug, fyi.

Comment 21 Joshua Kinard 2005-01-05 21:21:25 UTC

mips-sources fixed.

Comment 22 Guillaume Destuynder (RETIRED) 2005-01-13 16:00:54 UTC

fixed in rsbac-(dev-)sources

Comment 23 Guillaume Destuynder (RETIRED) 2005-01-21 05:39:23 UTC

rsbac-sources 2.4 is also fixed in ~x86

Comment 24 Thierry Carrez (RETIRED) 2005-03-16 03:16:24 UTC

Mass-Ccing kern-sec@gentoo.org to make sure Kernel Security guys know about all
of these...

Comment 25 Tim Yamin (RETIRED) 2005-03-16 06:13:14 UTC

All fixed, closing bug.

Comment 26 Robert Buchholz (RETIRED) 2009-05-03 13:59:46 UTC

http://git.kernel.org/?p=linux/kernel/git/tglx/history.git;a=commitdiff;h=e7e4457059cd62ec5b67ab9758229cf4ae9f3035