CVE-2011-1013

Priority
Description
Integer signedness error in the drm_modeset_ctl function in (1)
drivers/gpu/drm/drm_irq.c in the Direct Rendering Manager (DRM) subsystem
in the Linux kernel before 2.6.38 and (2) sys/dev/pci/drm/drm_irq.c in the
kernel in OpenBSD before 4.9 allows local users to trigger out-of-bounds
write operations, and consequently cause a denial of service (system crash)
or possibly have unspecified other impact, via a crafted num_crtcs (aka
vb_num) structure member in an ioctl argument.
Ubuntu-Description
Matthiew Herrb discovered that the drm modeset interface did not correctly
handle a signed comparison. A local attacker could exploit this to crash
the system or possibly gain root privileges.
Package
Upstream:released (2.6.38~rc7)
Package
Upstream:released (2.6.38~rc7)
Package
Upstream:released (2.6.38~rc7)
Package
Upstream:released (2.6.38~rc7)
Package
Upstream:released (2.6.38~rc7)
Package
Upstream:released (2.6.38~rc7)
Package
Upstream:released (2.6.38~rc7)
More Information

Updated: 2019-03-19 11:57:25 UTC (commit 15472795df7e9de45b82f2d36b8b419b939f97b2)