CVE-2008-3831

Publication date 20 October 2008

Last updated 24 July 2024

Ubuntu priority

The i915 driver in (1) drivers/char/drm/i915_dma.c in the Linux kernel 2.6.24 on Debian GNU/Linux and (2) sys/dev/pci/drm/i915_drv.c in OpenBSD does not restrict the DRM_I915_HWS_ADDR ioctl to the Direct Rendering Manager (DRM) master, which allows local users to cause a denial of service (memory corruption) via a crafted ioctl call, related to absence of the DRM_MASTER and DRM_ROOT_ONLY flags in the ioctl's configuration.

From the Ubuntu Security Team

It was discovered the the i915 video driver did not correctly validate memory addresses. A local attacker could exploit this to remap memory that could cause a system crash, leading to a denial of service. This issue did not affect Ubuntu 6.06 and was previous fixed for Ubuntu 7.10 and 8.04 in USN-659-1. Ubuntu 8.10 has now been corrected as well.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
linux	8.10 intrepid	Fixed 2.6.27-9.19
	8.04 LTS hardy	Fixed 2.6.24-21.43
	7.10 gutsy	Not in release
	7.04 feisty	Not in release
	6.06 LTS dapper	Not in release
linux-source-2.6.15	8.10 intrepid	Not in release
	8.04 LTS hardy	Not in release
	7.10 gutsy	Not in release
	7.04 feisty	Not in release
	6.06 LTS dapper	Not affected
linux-source-2.6.20	8.10 intrepid	Not in release
	8.04 LTS hardy	Not in release
	7.10 gutsy	Not in release
	7.04 feisty	Ignored end of life, was pending
	6.06 LTS dapper	Not in release
linux-source-2.6.22	8.10 intrepid	Not in release
	8.04 LTS hardy	Not in release
	7.10 gutsy	Fixed 2.6.22-15.59
	7.04 feisty	Not in release
	6.06 LTS dapper	Not in release

References

Related Ubuntu Security Notices (USN)

USN-659-1
Linux kernel vulnerabilities
27 October 2008

USN-679-1
Linux kernel vulnerabilities
27 November 2008

Other references

https://www.cve.org/CVERecord?id=CVE-2008-3831