The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users with access to an X11 session and Direct Rendering Manager (DRM) to write to arbitrary memory locations and gain privileges via a crafted batchbuffer.
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.2
http://secunia.com/advisories/26389
http://secunia.com/advisories/26450
http://secunia.com/advisories/26500
http://secunia.com/advisories/26643
http://secunia.com/advisories/26664
http://secunia.com/advisories/26760
http://secunia.com/advisories/27227
https://issues.rpath.com/browse/RPL-1620
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11196
http://www.debian.org/security/2007/dsa-1356
http://www.mandriva.com/security/advisories?name=MDVSA-2008:105
http://www.novell.com/linux/security/advisories/2007_51_kernel.html
http://www.novell.com/linux/security/advisories/2007_53_kernel.html
http://www.redhat.com/support/errata/RHSA-2007-0705.html
http://www.ubuntu.com/usn/usn-509-1
Published: 2007-08-13
Base Score: 6
Vector: CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C
Severity: Medium