CVE-2011-1016

Published: 28 February 2011

The Radeon GPU drivers in the Linux kernel before 2.6.38-rc5 do not properly validate data related to the AA resolve registers, which allows local users to write to arbitrary memory locations associated with (1) Video RAM (aka VRAM) or (2) the Graphics Translation Table (GTT) via crafted values.

From the Ubuntu security team

Marek Olšák discovered that the Radeon GPU drivers did not correctly validate certain registers. On systems with specific hardware, a local attacker could exploit this to write to arbitrary video memory.

Priority

Medium

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.38~rc7)
Patches:
Upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fff1ce4dc6113b6fdc4e3a815ca5fd229408f8ef
Upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=45e4039c3aea597ede44a264cea322908cdedfe9
linux-ec2
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.38~rc7)
linux-fsl-imx51
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.38~rc7)
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.38~rc7)
linux-lts-backport-natty
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.38~rc7)
linux-mvl-dove
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.38~rc7)
linux-source-2.6.15
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.38~rc7)
linux-ti-omap4
Launchpad, Ubuntu, Debian
Upstream
Released (2.6.38~rc7)