The i915 driver in (1) drivers/char/drm/i915_dma.c in the Linux
kernel 2.6.24 on Debian GNU/Linux and (2) sys/dev/pci/drm/i915_drv.c
in OpenBSD does not restrict the DRM_I915_HWS_ADDR ioctl to the
Direct Rendering Manager (DRM) master, which allows local users to
cause a denial of service (memory corruption) via a crafted ioctl
call, related to absence of the DRM_MASTER and DRM_ROOT_ONLY flags in
the ioctl's configuration.
Patch is currently in the review cycle for 220.127.116.11, 18.104.22.168 and 22.214.171.124
Further to Gordon's remark, the patch was indeed included in the referenced. stable patches. hardened-kernel unaffected at present time. Removing alias.
PS: genpatches-2.6.26-4 added 126.96.36.199. genpatches-2.6.27-3 added 188.8.131.52. =genpatches-2.6.25* remains vulnerable. However, hardened-sources-2.6.25-r13 does not because we independently folded in the newer stable patches.