CVE-2011-1016

critical

Description

The Radeon GPU drivers in the Linux kernel before 2.6.38-rc5 do not properly validate data related to the AA resolve registers, which allows local users to write to arbitrary memory locations associated with (1) Video RAM (aka VRAM) or (2) the Graphics Translation Table (GTT) via crafted values.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/65691

https://bugzilla.redhat.com/show_bug.cgi?id=680000

http://www.securityfocus.com/bid/46557

http://openwall.com/lists/oss-security/2011/02/25/4

http://openwall.com/lists/oss-security/2011/02/24/3

http://openwall.com/lists/oss-security/2011/02/24/11

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fff1ce4dc6113b6fdc4e3a815ca5fd229408f8ef

Details

Source: Mitre, NVD

Published: 2011-02-28

Updated: 2023-02-13

Risk Information

CVSS v2

Base Score: 1.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical