CVE-2008-3831 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3831): The i915 driver in (1) drivers/char/drm/i915_dma.c in the Linux kernel 2.6.24 on Debian GNU/Linux and (2) sys/dev/pci/drm/i915_drv.c in OpenBSD does not restrict the DRM_I915_HWS_ADDR ioctl to the Direct Rendering Manager (DRM) master, which allows local users to cause a denial of service (memory corruption) via a crafted ioctl call, related to absence of the DRM_MASTER and DRM_ROOT_ONLY flags in the ioctl's configuration.
Patch: http://www.openbsd.org/cgi-bin/cvsweb/src/sys/dev/pci/drm/i915_drv.c.diff?r1=1.7;r2=1.8
Upstream fix: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=4b40893918203ee1a1f6a114316c2a19c072e9bd
Patch is currently in the review cycle for 2.6.25.19, 2.6.26.7 and 2.6.27.3
Further to Gordon's remark, the patch was indeed included in the referenced. stable patches. hardened-kernel unaffected at present time. Removing alias. PS: genpatches-2.6.26-4 added 2.6.26.7. genpatches-2.6.27-3 added 2.6.27.3. =genpatches-2.6.25* remains vulnerable. However, hardened-sources-2.6.25-r13 does not because we independently folded in the newer stable patches.
