CVE-2010-2962 — Improper Input Validation in Kernel

CWE-20 — Improper Input Validation CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer11 documents6 sources

Severity

7.2HIGHNVD

EPSS

0.1%

top 69.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

7

Linux Kernel Canonical Ubuntu Linux Fedoraproject Fedora +4 more

Timeline

PublishedNov 26

Latest updateMay 13

Description

drivers/gpu/drm/i915/i915_gem.c in the Graphics Execution Manager (GEM) in the Intel i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.36 does not properly validate pointers to blocks of memory, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via crafted use of the ioctl interface, related to (1) pwrite and (2) pread operations.

CVSS vector

AV:L/AC:L/C:C/I:C/A:CExploitability: 3.9 | Impact: 10.0

Affected Packages5 packages

▶NVDlinux/linux_kernel< 2.6.36

▶NVDsuse/linux_enterprise_server11

▶NVDsuse/linux_enterprise_desktop11

▶NVDsuse/linux_enterprise_real_time_extension11

▶NVDopensuse/opensuse11.3

Also affects: Ubuntu Linux 10.04, 10.10, 9.10, Fedora 13

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

2

GHSA

GHSA-x4r7-7jr8-f7fv: drivers/gpu/drm/i915/i915_gem↗2022-05-13

▶

CVEList

CVE-2010-2962: drivers/gpu/drm/i915/i915_gem↗2010-11-26

▶

📋Vendor Advisories

7

Ubuntu

Linux kernel (OMAP4) vulnerabilities↗2011-04-20

▶

Ubuntu

Linux Kernel vulnerabilities (Marvell Dove)↗2011-03-25

▶

Ubuntu

Linux kernel vulnerabilities↗2011-03-03

▶

Ubuntu

Linux kernel vulnerabilities↗2011-02-28

▶

Ubuntu

Linux kernel vulnerabilities↗2011-02-25

▶

💬Community

1

Bugzilla

CVE-2010-2962 kernel: arbitrary kernel memory write via i915 GEM ioctl↗2010-09-27

▶

CVE-2010-2962 — Improper Input Validation in Kernel | cvebase