CVE-2010-2803
Low
CVSS Score
Vulnerability Description
The drm_ioctl function in drivers/gpu/drm/drm_drv.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows local users to obtain potentially sensitive information from kernel memory by requesting a large memory-allocation amount.
Known Affected Software
7 configuration(s) from 3 vendor(s)
- debian_linux, Version: 5.0, CPE: cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
- opensuse, Version: 11.3, CPE: cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
- opensuse, Version: 11.1, CPE: cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
- linux_enterprise_real_time, Version: 11, CPE: cpe:2.3:o:suse:linux_enterprise_real_time:11:sp1:*:*:*:*:*:*
- linux_enterprise_high_availability_extension, Version: 11, CPE: cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:-:*:*:*:*:*:*
- linux_enterprise_server, Version: 11, CPE: cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:-:*:*:*
- linux_enterprise_desktop, Version: 11, CPE: cpe:2.3:o:suse:linux_enterprise_desktop:11:-:*:*:*:*:*:*
This vulnerability affects 7 software configuration(s). Ensure you patch all affected systems.
References & Resources
- http://git.kernel.org/?p=linux/kernel/git/airlied/drm-2.6.git%3Ba=commit%3Bh=1b2f1489633888d4a06028315dc19d65768a1c05 (secalert@redhat.com)
- http://git.kernel.org/?p=linux/kernel/git/airlied/drm-2.6.git%3Ba=commit%3Bh=b9f0aee83335db1f3915f4e42a5e21b351740afd (secalert@redhat.com)
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b9f0aee83335db1f3915f4e42a5e21b351740afd (secalert@redhat.com)
- http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html (secalert@redhat.com): Mailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html (secalert@redhat.com): Mailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html (secalert@redhat.com): Mailing List, Third Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html (secalert@redhat.com): Mailing List, Third Party Advisory
- http://secunia.com/advisories/41512 (secalert@redhat.com): Broken Link
- http://www.debian.org/security/2010/dsa-2094 (secalert@redhat.com): Third Party Advisory
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.53 (secalert@redhat.com): Broken Link
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.21 (secalert@redhat.com): Broken Link
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34.6 (secalert@redhat.com): Broken Link
- http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.4 (secalert@redhat.com): Broken Link
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:198 (secalert@redhat.com): Broken Link
- http://www.redhat.com/support/errata/RHSA-2010-0842.html (secalert@redhat.com): Broken Link
- http://www.vupen.com/english/advisories/2010/2430 (secalert@redhat.com): Broken Link
- http://www.vupen.com/english/advisories/2011/0298 (secalert@redhat.com): Broken Link
- https://bugzilla.redhat.com/show_bug.cgi?id=621435 (secalert@redhat.com): Exploit, Issue Tracking, Patch, Third Party Advisory
Severity Details
out of 10.0
Low
Weakness Type (CWE)
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
- Description: The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
- Exploit Likelihood: High
- Typical Severity: Medium
- Abstraction Level: Class
Key Information
- Published Date: September 08, 2010
