CVE-2011-1747
Published: 9 May 2011
The agp subsystem in the Linux kernel 2.6.38.5 and earlier does not properly restrict memory allocation by the (1) AGPIOC_RESERVE and (2) AGPIOC_ALLOCATE ioctls, which allows local users to cause a denial of service (memory consumption) by making many calls to these ioctls.
From the Ubuntu Security Team
Vasiliy Kulikov discovered that the AGP driver did not check the size of certain memory allocations. A local attacker with access to the video subsystem could exploit this to run the system out of memory, leading to a denial of service.
Notes
Author | Note |
---|---|
kees | no upstream fix yet |
apw | below is a partial fix, complete fix still remains break-fix: - b522f02184b413955f3bc952e3776ce41edc6355 |
mdeslaur | CAP_SYS_RAWIO is needed to exploit this, so is not security relevant. Ignoring. |
Priority
Status
Package | Release | Status |
---|---|---|
linux Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Ignored
|
|
lucid |
Ignored
|
|
maverick |
Ignored
|
|
natty |
Ignored
|
|
oneiric |
Ignored
|
|
precise |
Ignored
|
|
quantal |
Ignored
|
|
upstream |
Deferred
(referred to security)
|
|
linux-armadaxp Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Not vulnerable
|
|
quantal |
Not vulnerable
|
|
upstream |
Needs triage
|
|
linux-ec2 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
lucid |
Ignored
|
|
maverick |
Ignored
(end of life)
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
upstream |
Deferred
(referred to security)
|
|
linux-fsl-imx51 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
lucid |
Not vulnerable
(no AGP on ARM)
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
upstream |
Deferred
(referred to security)
|
|
linux-lts-backport-maverick Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
lucid |
Ignored
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
upstream |
Deferred
(referred to security)
|
|
linux-lts-backport-natty Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Ignored
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
upstream |
Deferred
(referred to security)
|
|
linux-lts-backport-oneiric Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Ignored
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
upstream |
Deferred
(referred to security)
|
|
linux-lts-quantal Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Ignored
|
|
quantal |
Does not exist
|
|
upstream |
Does not exist
|
|
linux-mvl-dove Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
lucid |
Not vulnerable
(no AGP on ARM)
|
|
maverick |
Not vulnerable
(no AGP on ARM)
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
upstream |
Deferred
(referred to security)
|
|
linux-ti-omap4 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Not vulnerable
(no AGP on ARM)
|
|
natty |
Not vulnerable
(no AGP on ARM)
|
|
oneiric |
Not vulnerable
(no AGP on ARM)
|
|
precise |
Not vulnerable
(no AGP on ARM)
|
|
quantal |
Not vulnerable
(no AGP on ARM)
|
|
upstream |
Deferred
(referred to security)
|