Vulnerabilites related to intel - i915_chipset
cve-2007-3851
Vulnerability from cvelistv5
Published
2007-08-13 19:00
Modified
2024-08-07 14:28
Severity ?
Summary
The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users with access to an X11 session and Direct Rendering Manager (DRM) to write to arbitrary memory locations and gain privileges via a crafted batchbuffer.
References
http://www.securityfocus.com/bid/25263vdb-entry, x_refsource_BID
http://secunia.com/advisories/26389third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/27227third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/26664third-party-advisory, x_refsource_SECUNIA
http://secunia.com/advisories/26643third-party-advisory, x_refsource_SECUNIA
http://www.novell.com/linux/security/advisories/2007_51_kernel.htmlvendor-advisory, x_refsource_SUSE
http://www.novell.com/linux/security/advisories/2007_53_kernel.htmlvendor-advisory, x_refsource_SUSE
https://issues.rpath.com/browse/RPL-1620x_refsource_CONFIRM
http://www.ubuntu.com/usn/usn-510-1vendor-advisory, x_refsource_UBUNTU
http://www.debian.org/security/2007/dsa-1356vendor-advisory, x_refsource_DEBIAN
http://www.ubuntu.com/usn/usn-509-1vendor-advisory, x_refsource_UBUNTU
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11196vdb-entry, signature, x_refsource_OVAL
http://secunia.com/advisories/26760third-party-advisory, x_refsource_SECUNIA
http://www.redhat.com/support/errata/RHSA-2007-0705.htmlvendor-advisory, x_refsource_REDHAT
http://www.mandriva.com/security/advisories?name=MDVSA-2008:105vendor-advisory, x_refsource_MANDRIVA
http://www.vupen.com/english/advisories/2007/2854vdb-entry, x_refsource_VUPEN
http://secunia.com/advisories/26500third-party-advisory, x_refsource_SECUNIA
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.2x_refsource_CONFIRM
http://secunia.com/advisories/26450third-party-advisory, x_refsource_SECUNIA
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T14:28:52.591Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "25263",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/25263"
          },
          {
            "name": "26389",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26389"
          },
          {
            "name": "27227",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/27227"
          },
          {
            "name": "26664",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26664"
          },
          {
            "name": "26643",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26643"
          },
          {
            "name": "SUSE-SA:2007:051",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_51_kernel.html"
          },
          {
            "name": "SUSE-SA:2007:053",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2007_53_kernel.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.rpath.com/browse/RPL-1620"
          },
          {
            "name": "USN-510-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-510-1"
          },
          {
            "name": "DSA-1356",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2007/dsa-1356"
          },
          {
            "name": "USN-509-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-509-1"
          },
          {
            "name": "oval:org.mitre.oval:def:11196",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11196"
          },
          {
            "name": "26760",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26760"
          },
          {
            "name": "RHSA-2007:0705",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2007-0705.html"
          },
          {
            "name": "MDVSA-2008:105",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:105"
          },
          {
            "name": "ADV-2007-2854",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2854"
          },
          {
            "name": "26500",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26500"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.2"
          },
          {
            "name": "26450",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/26450"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-08-07T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users with access to an X11 session and Direct Rendering Manager (DRM) to write to arbitrary memory locations and gain privileges via a crafted batchbuffer."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-28T12:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "25263",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/25263"
        },
        {
          "name": "26389",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26389"
        },
        {
          "name": "27227",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/27227"
        },
        {
          "name": "26664",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26664"
        },
        {
          "name": "26643",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26643"
        },
        {
          "name": "SUSE-SA:2007:051",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_51_kernel.html"
        },
        {
          "name": "SUSE-SA:2007:053",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2007_53_kernel.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.rpath.com/browse/RPL-1620"
        },
        {
          "name": "USN-510-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-510-1"
        },
        {
          "name": "DSA-1356",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2007/dsa-1356"
        },
        {
          "name": "USN-509-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-509-1"
        },
        {
          "name": "oval:org.mitre.oval:def:11196",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11196"
        },
        {
          "name": "26760",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26760"
        },
        {
          "name": "RHSA-2007:0705",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2007-0705.html"
        },
        {
          "name": "MDVSA-2008:105",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:105"
        },
        {
          "name": "ADV-2007-2854",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2854"
        },
        {
          "name": "26500",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26500"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.2"
        },
        {
          "name": "26450",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/26450"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2007-3851",
    "datePublished": "2007-08-13T19:00:00",
    "dateReserved": "2007-07-18T00:00:00",
    "dateUpdated": "2024-08-07T14:28:52.591Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Vulnerability from fkie_nvd
Published
2007-08-13 19:17
Modified
2024-11-21 00:34
Severity ?
Summary
The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users with access to an X11 session and Direct Rendering Manager (DRM) to write to arbitrary memory locations and gain privileges via a crafted batchbuffer.
References
secalert@redhat.comhttp://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.2
secalert@redhat.comhttp://secunia.com/advisories/26389Vendor Advisory
secalert@redhat.comhttp://secunia.com/advisories/26450
secalert@redhat.comhttp://secunia.com/advisories/26500
secalert@redhat.comhttp://secunia.com/advisories/26643
secalert@redhat.comhttp://secunia.com/advisories/26664
secalert@redhat.comhttp://secunia.com/advisories/26760
secalert@redhat.comhttp://secunia.com/advisories/27227
secalert@redhat.comhttp://www.debian.org/security/2007/dsa-1356
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2008:105
secalert@redhat.comhttp://www.novell.com/linux/security/advisories/2007_51_kernel.html
secalert@redhat.comhttp://www.novell.com/linux/security/advisories/2007_53_kernel.html
secalert@redhat.comhttp://www.redhat.com/support/errata/RHSA-2007-0705.html
secalert@redhat.comhttp://www.securityfocus.com/bid/25263
secalert@redhat.comhttp://www.ubuntu.com/usn/usn-509-1
secalert@redhat.comhttp://www.ubuntu.com/usn/usn-510-1
secalert@redhat.comhttp://www.vupen.com/english/advisories/2007/2854
secalert@redhat.comhttps://issues.rpath.com/browse/RPL-1620
secalert@redhat.comhttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11196
af854a3a-2127-422b-91ae-364da2661108http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.2
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26389Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26450
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26500
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26643
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26664
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/26760
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/27227
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2007/dsa-1356
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2008:105
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2007_51_kernel.html
af854a3a-2127-422b-91ae-364da2661108http://www.novell.com/linux/security/advisories/2007_53_kernel.html
af854a3a-2127-422b-91ae-364da2661108http://www.redhat.com/support/errata/RHSA-2007-0705.html
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/25263
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/usn-509-1
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/usn-510-1
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2007/2854
af854a3a-2127-422b-91ae-364da2661108https://issues.rpath.com/browse/RPL-1620
af854a3a-2127-422b-91ae-364da2661108https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11196
Impacted products
Vendor Product Version
linux linux_kernel *
intel i915_chipset *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "37B99E64-8A0A-4B5E-A2E5-34F2E612F7DE",
              "versionEndIncluding": "2.6.22.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:i915_chipset:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9A78D73-3C00-47E8-A8E7-285A2C83A8A6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users with access to an X11 session and Direct Rendering Manager (DRM) to write to arbitrary memory locations and gain privileges via a crafted batchbuffer."
    },
    {
      "lang": "es",
      "value": "El componente drm/i915 en el n\u00facleo Linux anterior a 2.6.22.2, cuando se usa con el conjunto de chips (chipset) i965G y posteriores, permite a usuarios locales con acceso a una sesi\u00f3n X11 y al Direct Rendering Manager (DRM) escribir a posiciones de memoria de su elecci\u00f3n y obtener privilegios mediante un b\u00fafer de ejecuci\u00f3n por lotes (batchbuffer) manipulado."
    }
  ],
  "id": "CVE-2007-3851",
  "lastModified": "2024-11-21T00:34:13.553",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "LOCAL",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 1.5,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-08-13T19:17:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.2"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26389"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/26450"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/26500"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/26643"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/26664"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/26760"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/27227"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2007/dsa-1356"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:105"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.novell.com/linux/security/advisories/2007_51_kernel.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.novell.com/linux/security/advisories/2007_53_kernel.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0705.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/25263"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/usn-509-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/usn-510-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2007/2854"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://issues.rpath.com/browse/RPL-1620"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11196"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26389"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26450"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26500"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26643"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26664"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26760"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27227"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2007/dsa-1356"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:105"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2007_51_kernel.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2007_53_kernel.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0705.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/25263"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-509-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-510-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2854"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-1620"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11196"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}