PublicDateAtUSN: 2011-05-09
Candidate: CVE-2011-1013
PublicDate: 2011-05-09 19:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1013
 https://ubuntu.com/security/notices/USN-1141-1
 https://ubuntu.com/security/notices/USN-1160-1
 https://ubuntu.com/security/notices/USN-1162-1
 https://ubuntu.com/security/notices/USN-1167-1
 https://ubuntu.com/security/notices/USN-1159-1
 https://ubuntu.com/security/notices/USN-1187-1
 https://ubuntu.com/security/notices/USN-1202-1
 https://ubuntu.com/security/notices/USN-1204-1
Description:
 Integer signedness error in the drm_modeset_ctl function in (1)
 drivers/gpu/drm/drm_irq.c in the Direct Rendering Manager (DRM) subsystem
 in the Linux kernel before 2.6.38 and (2) sys/dev/pci/drm/drm_irq.c in the
 kernel in OpenBSD before 4.9 allows local users to trigger out-of-bounds
 write operations, and consequently cause a denial of service (system crash)
 or possibly have unspecified other impact, via a crafted num_crtcs (aka
 vb_num) structure member in an ioctl argument.
Ubuntu-Description:
 Matthiew Herrb discovered that the drm modeset interface did not correctly
 handle a signed comparison. A local attacker could exploit this to crash
 the system or possibly gain root privileges.
Notes:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS: 

Patches_linux-source-2.6.15:
upstream_linux-source-2.6.15: released (2.6.38~rc7)
dapper_linux-source-2.6.15: ignored (reached end-of-life)
hardy_linux-source-2.6.15: DNE
lucid_linux-source-2.6.15: DNE
maverick_linux-source-2.6.15: DNE
natty_linux-source-2.6.15: DNE
devel_linux-source-2.6.15: DNE

Patches_linux:
 break-fix: 0a3e67a4caac273a3bfc4ced3da364830b1ab241 1922756124ddd53846877416d92ba4a802bc658f
upstream_linux: released (2.6.38~rc7)
dapper_linux: DNE
hardy_linux: not-affected
lucid_linux: released (2.6.32-32.62)
maverick_linux: released (2.6.35-29.51)
natty_linux: released (2.6.38-6.33)
devel_linux: not-affected (2.6.39-0.0)

Patches_linux-ec2:
upstream_linux-ec2: released (2.6.38~rc7)
dapper_linux-ec2: DNE
hardy_linux-ec2: DNE
lucid_linux-ec2: released (2.6.32-316.30)
maverick_linux-ec2: ignored (binary supplied by "linux" now)
natty_linux-ec2: DNE
devel_linux-ec2: DNE

Patches_linux-mvl-dove:
upstream_linux-mvl-dove: released (2.6.38~rc7)
dapper_linux-mvl-dove: DNE
hardy_linux-mvl-dove: DNE
lucid_linux-mvl-dove: released (2.6.32-217.34)
maverick_linux-mvl-dove: released (2.6.32-417.34)
natty_linux-mvl-dove: DNE
devel_linux-mvl-dove: DNE

Patches_linux-ti-omap4:
upstream_linux-ti-omap4: released (2.6.38~rc7)
dapper_linux-ti-omap4: DNE
hardy_linux-ti-omap4: DNE
lucid_linux-ti-omap4: DNE
maverick_linux-ti-omap4: released (2.6.35-903.23)
natty_linux-ti-omap4: released (2.6.38-1204.5)
devel_linux-ti-omap4: not-affected (2.6.38-1309.13)

Patches_linux-lts-backport-maverick:
upstream_linux-lts-backport-maverick: released (2.6.38~rc7)
dapper_linux-lts-backport-maverick: DNE
hardy_linux-lts-backport-maverick: DNE
lucid_linux-lts-backport-maverick: released (2.6.35-30.54~lucid1)
maverick_linux-lts-backport-maverick: DNE
natty_linux-lts-backport-maverick: DNE
devel_linux-lts-backport-maverick: DNE

Patches_linux-fsl-imx51:
upstream_linux-fsl-imx51: released (2.6.38~rc7)
dapper_linux-fsl-imx51: DNE
hardy_linux-fsl-imx51: DNE
lucid_linux-fsl-imx51: released (2.6.31-610.27)
maverick_linux-fsl-imx51: DNE
natty_linux-fsl-imx51: DNE
devel_linux-fsl-imx51: DNE

Patches_linux-lts-backport-natty:
upstream_linux-lts-backport-natty: released (2.6.38~rc7)
hardy_linux-lts-backport-natty: DNE
lucid_linux-lts-backport-natty: not-affected (2.6.38-7.35~lucid1)
maverick_linux-lts-backport-natty: DNE
natty_linux-lts-backport-natty: DNE
devel_linux-lts-backport-natty: DNE