CVE-2011-1013

Published: 09 May 2011

Integer signedness error in the drm_modeset_ctl function in (1) drivers/gpu/drm/drm_irq.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.38 and (2) sys/dev/pci/drm/drm_irq.c in the kernel in OpenBSD before 4.9 allows local users to trigger out-of-bounds write operations, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via a crafted num_crtcs (aka vb_num) structure member in an ioctl argument.

From the Ubuntu security team

Matthiew Herrb discovered that the drm modeset interface did not correctly handle a signed comparison. A local attacker could exploit this to crash the system or possibly gain root privileges.

Priority

Low

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.38~rc7)
Patches:
Introduced by 0a3e67a4caac273a3bfc4ced3da364830b1ab241
Fixed by 1922756124ddd53846877416d92ba4a802bc658f
linux-ec2
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.38~rc7)
linux-fsl-imx51
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.38~rc7)
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.38~rc7)
linux-lts-backport-natty
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.38~rc7)
linux-mvl-dove
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.38~rc7)
linux-source-2.6.15
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.38~rc7)
linux-ti-omap4
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.38~rc7)

References

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

Further reading