CVE-2010-2803

The drm_ioctl function in drivers/gpu/drm/drm_drv.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows local users to obtain potentially sensitive information from kernel memory by requesting a large memory-allocation amount.

CVSS v2.0 1.9 LOW

1.9^/10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 3.4 / Impact : 2.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.53	Broken Link
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34.6	Broken Link
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.4	Broken Link
https://bugzilla.redhat.com/show_bug.cgi?id=621435	Exploit Issue Tracking Patch Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.21	Broken Link
http://www.debian.org/security/2010/dsa-2094	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html	Mailing List Third Party Advisory
http://secunia.com/advisories/41512	Broken Link
http://www.vupen.com/english/advisories/2010/2430	Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2010:198	Broken Link
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html	Mailing List Third Party Advisory
http://www.redhat.com/support/errata/RHSA-2010-0842.html	Broken Link
http://www.vupen.com/english/advisories/2011/0298	Broken Link
http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html	Mailing List Third Party Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b9f0aee83335db1f3915f4e42a5e21b351740afd
http://git.kernel.org/?p=linux/kernel/git/airlied/drm-2.6.git%3Ba=commit%3Bh=1b2f1489633888d4a06028315dc19d65768a1c05
http://git.kernel.org/?p=linux/kernel/git/airlied/drm-2.6.git%3Ba=commit%3Bh=b9f0aee83335db1f3915f4e42a5e21b351740afd

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR	cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1::::::
	cpe:2.3:o:opensuse:opensuse:11.1:::::::*
	cpe:2.3:o:suse:linux_enterprise_server:11:sp1::::::
	cpe:2.3:o:opensuse:opensuse:11.3:::::::*
	cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp1::::::
	cpe:2.3:o:suse:linux_enterprise_real_time:11:sp1::::::

Information

Published : 2010-09-08 13:00

Updated : 2023-02-12 19:18

NVD link : CVE-2010-2803

Mitre link : CVE-2010-2803

JSON object : View

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Products Affected

suse

linux_enterprise_desktop
linux_enterprise_real_time
linux_enterprise_high_availability_extension
linux_enterprise_server

linux

linux_kernel

debian

debian_linux

opensuse

opensuse

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.53", "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.53", "tags": ["Broken Link"], "refsource": "CONFIRM"}, {"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34.6", "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34.6", "tags": ["Broken Link"], "refsource": "CONFIRM"}, {"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.4", "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.4", "tags": ["Broken Link"], "refsource": "CONFIRM"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=621435", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=621435", "tags": ["Exploit", "Issue Tracking", "Patch", "Third Party Advisory"], "refsource": "CONFIRM"}, {"url": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.21", "name": "http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.21", "tags": ["Broken Link"], "refsource": "CONFIRM"}, {"url": "http://www.debian.org/security/2010/dsa-2094", "name": "DSA-2094", "tags": ["Third Party Advisory"], "refsource": "DEBIAN"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html", "name": "SUSE-SA:2010:041", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://secunia.com/advisories/41512", "name": "41512", "tags": ["Broken Link"], "refsource": "SECUNIA"}, {"url": "http://www.vupen.com/english/advisories/2010/2430", "name": "ADV-2010-2430", "tags": ["Broken Link"], "refsource": "VUPEN"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:198", "name": "MDVSA-2010:198", "tags": ["Broken Link"], "refsource": "MANDRIVA"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html", "name": "SUSE-SA:2010:040", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://www.redhat.com/support/errata/RHSA-2010-0842.html", "name": "RHSA-2010:0842", "tags": ["Broken Link"], "refsource": "REDHAT"}, {"url": "http://www.vupen.com/english/advisories/2011/0298", "name": "ADV-2011-0298", "tags": ["Broken Link"], "refsource": "VUPEN"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html", "name": "SUSE-SA:2011:007", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html", "name": "SUSE-SA:2010:052", "tags": ["Mailing List", "Third Party Advisory"], "refsource": "SUSE"}, {"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b9f0aee83335db1f3915f4e42a5e21b351740afd", "name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b9f0aee83335db1f3915f4e42a5e21b351740afd", "tags": [], "refsource": "MISC"}, {"url": "http://git.kernel.org/?p=linux/kernel/git/airlied/drm-2.6.git%3Ba=commit%3Bh=1b2f1489633888d4a06028315dc19d65768a1c05", "name": "http://git.kernel.org/?p=linux/kernel/git/airlied/drm-2.6.git%3Ba=commit%3Bh=1b2f1489633888d4a06028315dc19d65768a1c05", "tags": [], "refsource": "MISC"}, {"url": "http://git.kernel.org/?p=linux/kernel/git/airlied/drm-2.6.git%3Ba=commit%3Bh=b9f0aee83335db1f3915f4e42a5e21b351740afd", "name": "http://git.kernel.org/?p=linux/kernel/git/airlied/drm-2.6.git%3Ba=commit%3Bh=b9f0aee83335db1f3915f4e42a5e21b351740afd", "tags": [], "refsource": "MISC"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The drm_ioctl function in drivers/gpu/drm/drm_drv.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows local users to obtain potentially sensitive information from kernel memory by requesting a large memory-allocation amount."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-200"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2010-2803", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 1.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2010-09-08T20:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.6.35.4", "versionStartIncluding": "2.6.35"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.6.34.6", "versionStartIncluding": "2.6.34"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.6.32.21", "versionStartIncluding": "2.6.32"}, {"cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.6.27.53"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_desktop:11:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_high_availability_extension:11:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:suse:linux_enterprise_real_time:11:sp1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-02-13T03:18Z"}

1.9 /10