Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 243042 (CVE-2008-3831)

Summary: Kernel: <=2.6.24 drivers/char/drm/i915_dma.c DOS (CVE-2008-3831)
Product: Gentoo Security Reporter: Stefan Behte (RETIRED) <craig>
Component: KernelAssignee: Gentoo Security <security>
Severity: normal CC: kernel
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard: [linux <] [linux >=2.6.26 <] [linux >=2.6.27 <]
Package list:
Runtime testing required: ---

Description Stefan Behte (RETIRED) gentoo-dev Security 2008-10-21 12:38:21 UTC
CVE-2008-3831 (
  The i915 driver in (1) drivers/char/drm/i915_dma.c in the Linux
  kernel 2.6.24 on Debian GNU/Linux and (2) sys/dev/pci/drm/i915_drv.c
  in OpenBSD does not restrict the DRM_I915_HWS_ADDR ioctl to the
  Direct Rendering Manager (DRM) master, which allows local users to
  cause a denial of service (memory corruption) via a crafted ioctl
  call, related to absence of the DRM_MASTER and DRM_ROOT_ONLY flags in
  the ioctl's configuration.
Comment 3 Gordon Malm (RETIRED) gentoo-dev 2008-10-21 20:28:44 UTC
Patch is currently in the review cycle for, and
Comment 4 into-the-trash-it-goes 2009-07-20 22:27:49 UTC
Further to Gordon's remark, the patch was indeed included in the referenced. stable patches. hardened-kernel unaffected at present time. Removing alias.

PS: genpatches-2.6.26-4 added genpatches-2.6.27-3 added =genpatches-2.6.25* remains vulnerable. However, hardened-sources-2.6.25-r13 does not because we independently folded in the newer stable patches.