Description
The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Affected products
- Canonical / Ubuntu Linux9.04 – 9.04
- Canonical / Ubuntu Linux9.10 – 9.10
- Canonical / Ubuntu Linux6.06 – 6.06
- Canonical / Ubuntu Linux8.04 – 8.04
- Canonical / Ubuntu Linux8.10 – 8.10
- fedoraproject / fedora10 – 10
- Linux / Linux kernel2.6.31.1
- openSUSE / opensuse11.0 – 11.0
- RedHat / mrg_realtime1.0 – 1.0
- SUSE / linux_enterprise_debuginfo10 – 10
- SUSE / linux_enterprise_debuginfo10 – 10
- SUSE / linux_enterprise_desktop10 – 10
- SUSE / linux_enterprise_desktop10 – 10
- SUSE / linux_enterprise_server8 – 8
- SUSE / linux_enterprise_server10 – 10
- SUSE / linux_enterprise_server10 – 10
References
- MAILING_LISThttp://www.openwall.com/lists/oss-security/2009/10/19/3
- MISChttp://www.redhat.com/support/errata/RHSA-2009-1671.html
- MISChttp://www.securityfocus.com/bid/36824
- MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9891
- MISChttps://rhn.redhat.com/errata/RHSA-2009-1540.html
- MISChttps://bugzilla.redhat.com/show_bug.cgi?id=529597
- MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2009-12/msg00002.html
- VENDOR_ADVISORYhttp://www.ubuntu.com/usn/usn-864-1
- VENDOR_ADVISORYhttp://secunia.com/advisories/38794
- MAILING_LISThttp://lists.vmware.com/pipermail/security-announce/2010/000082.html
- VENDOR_ADVISORYhttp://secunia.com/advisories/36707
- VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDVSA-2010:198
- MISChttp://article.gmane.org/gmane.linux.kernel/892259
- VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDVSA-2010:088
- MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2010-02/msg00005.html
- MISChttp://www.kernel.org/pub/linux/kernel/v2.6/snapshots/patch-2.6.31-git11.log
- VENDOR_ADVISORYhttp://secunia.com/advisories/37909
- MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6763
- MISChttp://www.redhat.com/support/errata/RHSA-2010-0882.html
- MISChttp://www.redhat.com/support/errata/RHSA-2009-1670.html
- MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2009-12/msg00005.html
- MAILING_LISThttp://www.openwall.com/lists/oss-security/2009/10/19/1
- VENDOR_ADVISORYhttp://secunia.com/advisories/38834
- MISChttp://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7dc482dfeeeefcfd000d4271c4626937406756d7
- MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2010-02/msg00007.html
- MISChttps://www.redhat.com/archives/fedora-package-announce/2009-November/msg00190.html
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2010/0528