Release date: 2010-08-19
Updated on: 2010-08-23
Affected Systems:
Linux kernel 2.6.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 42577
Cve id: CVE-2010-2803
Linux Kernel is the Kernel used by open source Linux.
The drm_ioctl () function in the drivers/gpu/drm/drm_drv.c driver of Linux Kernel does not properly clear the Kernel memory and copies it to the user space, this allows local users to leak sensitive information by sending specially crafted IOCTL requests. The successful exploitation of this vulnerability requires that you have read and write permissions on the DRI path.
<* Source: Dave Airlie
Link: http://secunia.com/advisories/40656/
Https://lists.ubuntu.com/archives/ubuntu-security-announce/2010-August/001143.html
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Linux
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://git.kernel.org /? P = linux/kernel/git/airlied/drm-2.6.git; a = commitdiff; h = b9f0aee83335db1f3915f4e42a5e21b351740afd
Http://git.kernel.org /? P = linux/kernel/git/airlied/drm-2.6.git; a = commitdiff; h = 1b2f1489633888d4a06028315dc19d65768a1c05
Ubuntu
------
Ubuntu has released a Security Bulletin (USN-974-1) and patches for this:
USN-974-1: Linux kernel vulnerabilities
Link: https://lists.ubuntu.com/archives/ubuntu-security-announce/2010-August/001143.html
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
