#VU92865 Resource management errors in Linux kernel - CVE-2007-3851
Published: August 13, 2007 / Updated: September 29, 2017
Vulnerability identifier: #VU92865
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2007-3851
CWE-ID: CWE-399
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Linux kernel
Linux kernel
Software vendor:
Linux Foundation
Linux Foundation
Description
The vulnerability allows a local user to execute arbitrary code.
The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users with access to an X11 session and Direct Rendering Manager (DRM) to write to arbitrary memory locations and gain privileges via a crafted batchbuffer.
Remediation
Install update from vendor's repository.
External links
- http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.2
- http://secunia.com/advisories/26389
- http://secunia.com/advisories/26450
- http://secunia.com/advisories/26500
- http://secunia.com/advisories/26643
- http://secunia.com/advisories/26664
- http://secunia.com/advisories/26760
- http://secunia.com/advisories/27227
- http://www.debian.org/security/2007/dsa-1356
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:105
- http://www.novell.com/linux/security/advisories/2007_51_kernel.html
- http://www.novell.com/linux/security/advisories/2007_53_kernel.html
- http://www.redhat.com/support/errata/RHSA-2007-0705.html
- http://www.securityfocus.com/bid/25263
- http://www.ubuntu.com/usn/usn-509-1
- http://www.ubuntu.com/usn/usn-510-1
- http://www.vupen.com/english/advisories/2007/2854
- https://issues.rpath.com/browse/RPL-1620
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11196