Home > Vulnerability Database > CVE-2010-2962

Mend.io Vulnerability Database

CVE-2010-2962

Date: November 26, 2010

drivers/gpu/drm/i915/i915_gem.c in the Graphics Execution Manager (GEM) in the Intel i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.36 does not properly validate pointers to blocks of memory, which allows local users to write to arbitrary kernel memory locations, and consequently gain privileges, via crafted use of the ioctl interface, related to (1) pwrite and (2) pread operations.

Language: C

Severity Score

8.4

Related Resources (20)

Url: https://bugzilla.redhat.com/show_bug.cgi?id=637688

Url: http://www.securityfocus.com/bid/44067

Url: http://www.vupen.com/english/advisories/2010/3321

Url: http://secunia.com/advisories/42758

Url: http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00003.html

Url: http://www.vupen.com/english/advisories/2011/0070

Url: http://www.ubuntu.com/usn/USN-1041-1

Url: http://lists.opensuse.org/opensuse-security-announce/2010-10/msg00004.html

Url: https://access.redhat.com/security/cve/CVE-2010-2962

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2010-2962

Url: http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html

Url: http://www.redhat.com/support/errata/RHSA-2010-0958.html

Url: http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.36

Url: http://www.redhat.com/support/errata/RHSA-2010-0842.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2010-2962

Url: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ce9d419dbecc292cc3e06e8b1d6d123d3fa813a4

Url: http://secunia.com/advisories/42745

Url: http://lists.fedoraproject.org/pipermail/package-announce/2010-December/052513.html

Url: http://www.vupen.com/english/advisories/2011/0298

Url: https://www.mend.io/vulnerability-database/CVE-2010-2962

Severity Score

8.4

Weakness Type (CWE)

Improper Input Validation

CWE-20

CVSS v3.1

Base Score:	8.4
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	7.2
Access Vector (AV):	LOCAL
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	COMPLETE
Integrity (I):	COMPLETE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2010-2962

Date: November 26, 2010

Language: C

Severity Score

Related Resources (20)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?