CVE-2011-2022

Published: 09 May 2011

The agp_generic_remove_memory function in drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 does not validate a certain start parameter, which allows local users to gain privileges or cause a denial of service (system crash) via a crafted AGPIOC_UNBIND agp_ioctl ioctl call, a different vulnerability than CVE-2011-1745.

From the Ubuntu security team

Vasiliy Kulikov discovered that the AGP driver did not check certain ioctl values. A local attacker with access to the video subsystem could exploit this to crash the system, leading to a denial of service, or possibly gain root privileges.

Priority

Medium

Status

Package Release Status
linux
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.39~rc5)
Patches:
Upstream: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=194b3da873fd334ef183806db751473512af29ce
linux-ec2
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.39~rc5)
linux-fsl-imx51
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.39~rc5)
linux-lts-backport-maverick
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.39~rc5)
linux-lts-backport-natty
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.39~rc5)
linux-mvl-dove
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.39~rc5)
linux-source-2.6.15
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.39~rc5)
linux-ti-omap4
Launchpad, Ubuntu, Debian 		Upstream
Released (2.6.39~rc5)

References

Bugs

Join the discussion

Canonical is offering Extended Security Maintenance

Canonical is offering Ubuntu 14.04 Extended Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM

Further reading