CVE-2007-3851

The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users with access to an X11 session and Direct Rendering Manager (DRM) to write to arbitrary memory locations and gain privileges via a crafted batchbuffer.

CVSS v2.0 6.0 MEDIUM

6.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:L/AC:H/Au:S/C:C/I:C/A:C

Exploitability : 1.5 / Impact : 10.0

Access Vector LOCAL

Access Complexity HIGH

Authentication SINGLE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.2
http://secunia.com/advisories/26389	Vendor Advisory
http://secunia.com/advisories/26450
http://secunia.com/advisories/26500
http://secunia.com/advisories/26643
http://secunia.com/advisories/26664
http://secunia.com/advisories/26760
http://secunia.com/advisories/27227
http://www.debian.org/security/2007/dsa-1356
http://www.mandriva.com/security/advisories?name=MDVSA-2008:105
http://www.novell.com/linux/security/advisories/2007_51_kernel.html
http://www.novell.com/linux/security/advisories/2007_53_kernel.html
http://www.redhat.com/support/errata/RHSA-2007-0705.html
http://www.securityfocus.com/bid/25263
http://www.ubuntu.com/usn/usn-509-1
http://www.ubuntu.com/usn/usn-510-1
http://www.vupen.com/english/advisories/2007/2854
https://issues.rpath.com/browse/RPL-1620
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11196

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

cpe:2.3:h:intel:i915_chipset:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2007-08-13 19:17

Updated : 2023-12-10 10:40

NVD link : CVE-2007-3851

Mitre link : CVE-2007-3851

CVE.ORG link : CVE-2007-3851

JSON object : View

Products Affected

linux

linux_kernel

intel

i915_chipset

CWE

CWE-399

Resource Management Errors

{"id": "CVE-2007-3851", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.0, "accessVector": "LOCAL", "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C", "authentication": "SINGLE", "integrityImpact": "COMPLETE", "accessComplexity": "HIGH", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 1.5, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2007-08-13T19:17:00.000", "references": [{"url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.2", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/26389", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/26450", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/26500", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/26643", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/26664", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/26760", "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/27227", "source": "secalert@redhat.com"}, {"url": "http://www.debian.org/security/2007/dsa-1356", "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:105", "source": "secalert@redhat.com"}, {"url": "http://www.novell.com/linux/security/advisories/2007_51_kernel.html", "source": "secalert@redhat.com"}, {"url": "http://www.novell.com/linux/security/advisories/2007_53_kernel.html", "source": "secalert@redhat.com"}, {"url": "http://www.redhat.com/support/errata/RHSA-2007-0705.html", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/25263", "source": "secalert@redhat.com"}, {"url": "http://www.ubuntu.com/usn/usn-509-1", "source": "secalert@redhat.com"}, {"url": "http://www.ubuntu.com/usn/usn-510-1", "source": "secalert@redhat.com"}, {"url": "http://www.vupen.com/english/advisories/2007/2854", "source": "secalert@redhat.com"}, {"url": "https://issues.rpath.com/browse/RPL-1620", "source": "secalert@redhat.com"}, {"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11196", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-399"}]}], "descriptions": [{"lang": "en", "value": "The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users with access to an X11 session and Direct Rendering Manager (DRM) to write to arbitrary memory locations and gain privileges via a crafted batchbuffer."}, {"lang": "es", "value": "El componente drm/i915 en el n\u00facleo Linux anterior a 2.6.22.2, cuando se usa con el conjunto de chips (chipset) i965G y posteriores, permite a usuarios locales con acceso a una sesi\u00f3n X11 y al Direct Rendering Manager (DRM) escribir a posiciones de memoria de su elecci\u00f3n y obtener privilegios mediante un b\u00fafer de ejecuci\u00f3n por lotes (batchbuffer) manipulado."}], "lastModified": "2017-09-29T01:29:08.157", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "37B99E64-8A0A-4B5E-A2E5-34F2E612F7DE", "versionEndIncluding": "2.6.22.1"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:intel:i915_chipset:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A9A78D73-3C00-47E8-A8E7-285A2C83A8A6"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "secalert@redhat.com"}