FKIE_CVE-2007-3851

Vulnerability from fkie_nvd - Published: 2007-08-13 19:17 - Updated: 2025-04-09 00:30
Summary
The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users with access to an X11 session and Direct Rendering Manager (DRM) to write to arbitrary memory locations and gain privileges via a crafted batchbuffer.
References
secalert@redhat.com - http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.2
secalert@redhat.com - http://secunia.com/advisories/26389 - Vendor Advisory
secalert@redhat.com - http://secunia.com/advisories/26450
secalert@redhat.com - http://secunia.com/advisories/26500
secalert@redhat.com - http://secunia.com/advisories/26643
secalert@redhat.com - http://secunia.com/advisories/26664
secalert@redhat.com - http://secunia.com/advisories/26760
secalert@redhat.com - http://secunia.com/advisories/27227
secalert@redhat.com - http://www.debian.org/security/2007/dsa-1356
secalert@redhat.com - http://www.mandriva.com/security/advisories?name=MDVSA-2008:105
secalert@redhat.com - http://www.novell.com/linux/security/advisories/2007_51_kernel.html
secalert@redhat.com - http://www.novell.com/linux/security/advisories/2007_53_kernel.html
secalert@redhat.com - http://www.redhat.com/support/errata/RHSA-2007-0705.html
secalert@redhat.com - http://www.securityfocus.com/bid/25263
secalert@redhat.com - http://www.ubuntu.com/usn/usn-509-1
secalert@redhat.com - http://www.ubuntu.com/usn/usn-510-1
secalert@redhat.com - http://www.vupen.com/english/advisories/2007/2854
secalert@redhat.com - https://issues.rpath.com/browse/RPL-1620
secalert@redhat.com - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11196
af854a3a-2127-422b-91ae-364da2661108 - http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.2
af854a3a-2127-422b-91ae-364da2661108 - http://secunia.com/advisories/26389 - Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108 - http://secunia.com/advisories/26450
af854a3a-2127-422b-91ae-364da2661108 - http://secunia.com/advisories/26500
af854a3a-2127-422b-91ae-364da2661108 - http://secunia.com/advisories/26643
af854a3a-2127-422b-91ae-364da2661108 - http://secunia.com/advisories/26664
af854a3a-2127-422b-91ae-364da2661108 - http://secunia.com/advisories/26760
af854a3a-2127-422b-91ae-364da2661108 - http://secunia.com/advisories/27227
af854a3a-2127-422b-91ae-364da2661108 - http://www.debian.org/security/2007/dsa-1356
af854a3a-2127-422b-91ae-364da2661108 - http://www.mandriva.com/security/advisories?name=MDVSA-2008:105
af854a3a-2127-422b-91ae-364da2661108 - http://www.novell.com/linux/security/advisories/2007_51_kernel.html
af854a3a-2127-422b-91ae-364da2661108 - http://www.novell.com/linux/security/advisories/2007_53_kernel.html
af854a3a-2127-422b-91ae-364da2661108 - http://www.redhat.com/support/errata/RHSA-2007-0705.html
af854a3a-2127-422b-91ae-364da2661108 - http://www.securityfocus.com/bid/25263
af854a3a-2127-422b-91ae-364da2661108 - http://www.ubuntu.com/usn/usn-509-1
af854a3a-2127-422b-91ae-364da2661108 - http://www.ubuntu.com/usn/usn-510-1
af854a3a-2127-422b-91ae-364da2661108 - http://www.vupen.com/english/advisories/2007/2854
af854a3a-2127-422b-91ae-364da2661108 - https://issues.rpath.com/browse/RPL-1620
af854a3a-2127-422b-91ae-364da2661108 - https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11196
Impacted products
Vendor Product Version
linux linux_kernel *
intel i915_chipset *

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "37B99E64-8A0A-4B5E-A2E5-34F2E612F7DE",
              "versionEndIncluding": "2.6.22.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:i915_chipset:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9A78D73-3C00-47E8-A8E7-285A2C83A8A6",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The drm/i915 component in the Linux kernel before 2.6.22.2, when used with i965G and later chipsets, allows local users with access to an X11 session and Direct Rendering Manager (DRM) to write to arbitrary memory locations and gain privileges via a crafted batchbuffer."
    },
    {
      "lang": "es",
      "value": "El componente drm/i915 en el n\u00facleo Linux anterior a 2.6.22.2, cuando se usa con el conjunto de chips (chipset) i965G y posteriores, permite a usuarios locales con acceso a una sesi\u00f3n X11 y al Direct Rendering Manager (DRM) escribir a posiciones de memoria de su elecci\u00f3n y obtener privilegios mediante un b\u00fafer de ejecuci\u00f3n por lotes (batchbuffer) manipulado."
    }
  ],
  "id": "CVE-2007-3851",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "LOCAL",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:H/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 1.5,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2007-08-13T19:17:00.000",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.2"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26389"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/26450"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/26500"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/26643"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/26664"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/26760"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/27227"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2007/dsa-1356"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:105"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.novell.com/linux/security/advisories/2007_51_kernel.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.novell.com/linux/security/advisories/2007_53_kernel.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0705.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/25263"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/usn-509-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/usn-510-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.vupen.com/english/advisories/2007/2854"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://issues.rpath.com/browse/RPL-1620"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11196"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.22.2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/26389"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26450"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26500"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26643"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26664"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/26760"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/27227"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2007/dsa-1356"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:105"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2007_51_kernel.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.novell.com/linux/security/advisories/2007_53_kernel.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2007-0705.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/25263"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-509-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/usn-510-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2007/2854"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://issues.rpath.com/browse/RPL-1620"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11196"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

