1.9

CVE-2010-2803

Exploit

EPSS 0.08%
Veröffentlicht 08.09.2010 20:00:02
Zuletzt bearbeitet 11.04.2025 00:51:21
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

The drm_ioctl function in drivers/gpu/drm/drm_drv.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows local users to obtain potentially sensitive information from kernel memory by requesting a large memory-allocation amount.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 21

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Linux ≫ Linux Kernel Version < 2.6.27.53

Linux ≫ Linux Kernel Version >= 2.6.32 < 2.6.32.21

Linux ≫ Linux Kernel Version >= 2.6.34 < 2.6.34.6

Linux ≫ Linux Kernel Version >= 2.6.35 < 2.6.35.4

Debian ≫ Debian Linux Version5.0

Opensuse ≫ Opensuse Version11.1

Opensuse ≫ Opensuse Version11.3

Suse ≫ Linux Enterprise Desktop Version11 Updatesp1

Suse ≫ Linux Enterprise High Availability Extension Version11 Updatesp1

Suse ≫ Linux Enterprise Real Time Version11 Updatesp1

Suse ≫ Linux Enterprise Server Version11 Updatesp1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.08%	0.211

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	1.9	3.4	2.9	AV:L/AC:M/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://www.mandriva.com/security/advisories?name=MDVSA-2010:198

Broken Link

http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00004.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2010-11/msg00000.html

Third Party Advisory

Mailing List

http://lists.opensuse.org/opensuse-security-announce/2011-02/msg00000.html

Third Party Advisory

Mailing List

http://www.debian.org/security/2010/dsa-2094

Third Party Advisory

http://www.vupen.com/english/advisories/2011/0298

Broken Link

http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00005.html

Third Party Advisory

Mailing List

http://secunia.com/advisories/41512

Broken Link

http://www.vupen.com/english/advisories/2010/2430

Broken Link

http://git.kernel.org/?p=linux/kernel/git/airlied/drm-2.6.git%3Ba=commit%3Bh=1b2f1489633888d4a06028315dc19d65768a1c05

http://git.kernel.org/?p=linux/kernel/git/airlied/drm-2.6.git%3Ba=commit%3Bh=b9f0aee83335db1f3915f4e42a5e21b351740afd

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b9f0aee83335db1f3915f4e42a5e21b351740afd

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27.53

Broken Link

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.32.21

Broken Link

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.34.6

Broken Link

http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.35.4

Broken Link

http://www.redhat.com/support/errata/RHSA-2010-0842.html

Broken Link

https://bugzilla.redhat.com/show_bug.cgi?id=621435

Patch

Third Party Advisory

Exploit

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2010-2803

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2010-2803

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2010-2803

EUVD