CVE-2010-2803

CWE-200 — Information Exposure7 documents6 sources

Severity

1.9LOW

EPSS

0.1%

top 76.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

7

Linux Linux Kernel Debian Debian Linux Opensuse Opensuse +4 more

Timeline

PublishedSep 8

Latest updateMay 13

Description

The drm_ioctl function in drivers/gpu/drm/drm_drv.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows local users to obtain potentially sensitive information from kernel memory by requesting a large memory-allocation amount.

CVSS vector

AV:L/AC:M/C:P/I:N/A:NExploitability: 3.4 | Impact: 2.9

Affected Packages6 packages

▶NVDlinux/linux_kernel2.6.32 — 2.6.32.21+3

▶NVDsuse/linux_enterprise_server11

▶NVDsuse/linux_enterprise_desktop11

▶NVDsuse/linux_enterprise_real_time11

▶NVDsuse/linux_enterprise_high_availability_extension11

Also affects: Debian Linux 5.0

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

2

GHSA

GHSA-jq68-96jh-4wjh: The drm_ioctl function in drivers/gpu/drm/drm_drv↗2022-05-13

▶

CVEList

CVE-2010-2803: The drm_ioctl function in drivers/gpu/drm/drm_drv↗2010-09-08

▶

📋Vendor Advisories

3

Ubuntu

Linux kernel vulnerabilities↗2011-02-25

▶

Ubuntu

Linux kernel vulnerabilities↗2010-08-19

▶

Red Hat

kernel: drm ioctls infoleak↗2010-08-17

▶

💬Community

1

Bugzilla

CVE-2010-2803 kernel: drm ioctls infoleak↗2010-08-05

▶