Description

The drm_ioctl function in drivers/gpu/drm/drm_drv.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows local users to obtain potentially sensitive information from kernel memory by requesting a large memory-allocation amount.

References

http://git.kernel.org/?p=linux/kernel/git/airlied/drm-2.6.git;a=commit;h=1b2f1489633888d4a06028315dc19d65768a1c05

http://git.kernel.org/?p=linux/kernel/git/airlied/drm-2.6.git;a=commit;h=b9f0aee83335db1f3915f4e42a5e21b351740afd

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b9f0aee83335db1f3915f4e42a5e21b351740afd

http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html

http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html

http://secunia.com/advisories/41512

http://www.debian.org/security/2010/dsa-2094

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.53

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.21

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34.6

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.4

http://www.mandriva.com/security/advisories?name=MDVSA-2010:198

http://www.redhat.com/support/errata/RHSA-2010-0842.html

http://www.vupen.com/english/advisories/2010/2430

http://www.vupen.com/english/advisories/2011/0298

https://bugzilla.redhat.com/show_bug.cgi?id=621435

Details

Risk Information

CVSS v2