Vigil@nce: Linux kernel, denial of service with Intel G33/i915
October 2008 by Vigil@nce
When the system has an Intel motherboard with an i915 graphics
chipset, a local attacker can fill the memory with zeros.
– Gravity: 1/4
– Consequences: denial of service of computer
– Provenance: user shell
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: medium (2/3)
– Creation date: 20/10/2008
IMPACTED PRODUCTS
– Linux kernel
DESCRIPTION
The drivers/gpu/drm/i915/i915_dma.c file implements the driver for
i915 graphics chipsets.
The DRM_I915_HWS_ADDR ioctl calls i915_set_status_page() to change
information about the driver. However, all users can call this
ioctl, whereas it should be restricted to root only.
A local attacker can therefore use this ioctl to reset memory
fragments to zero.
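The missing privilege check described above, as an added example that is neither kernel code nor part of the original advisory: a simplified user-space C model in which each ioctl entry carries flags that a dispatcher enforces before calling the handler. Every name in it (flags, structs, functions) is hypothetical, and the per-entry flag mechanism is an assumption of the model.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Simplified user-space model; every name here is hypothetical. */
#define F_AUTH      0x1   /* caller holds an authenticated handle */
#define F_ROOT_ONLY 0x2   /* caller must be root */

struct caller { int authenticated; int is_root; };
struct ioctl_desc { int (*handler)(void); unsigned flags; };

static unsigned char status_page[64];   /* stands in for driver-managed memory */

/* Handler modelled on the advisory's description: it zeroes the page. */
static int set_status_page(void) {
    memset(status_page, 0, sizeof status_page);
    return 0;
}
/* Before: any authenticated user reaches the handler. */
static const struct ioctl_desc hws_addr_weak     = { set_status_page, F_AUTH };
/* After: the same entry also demands root. */
static const struct ioctl_desc hws_addr_hardened = { set_status_page, F_AUTH | F_ROOT_ONLY };

/* Central dispatcher: enforce the entry's flags, then call the handler. */
static int dispatch(const struct ioctl_desc *d, const struct caller *c) {
    if ((d->flags & F_AUTH) && !c->authenticated)
        return -EACCES;
    if ((d->flags & F_ROOT_ONLY) && !c->is_root)
        return -EACCES;
    return d->handler();
}

/* Fill the page with a marker, dispatch, report whether the marker survived. */
static int page_intact_after(const struct ioctl_desc *d, const struct caller *c, int *rc) {
    memset(status_page, 0xAA, sizeof status_page);
    *rc = dispatch(d, c);
    return status_page[0] == 0xAA;
}

int main(void) {
    struct caller user = { 1, 0 };       /* constructed: authenticated, not root */
    int rc, intact;
    intact = page_intact_after(&hws_addr_weak, &user, &rc);
    printf("weak entry:     rc=%d page_intact=%d\n", rc, intact);
    intact = page_intact_after(&hws_addr_hardened, &user, &rc);
    printf("hardened entry: rc=%d page_intact=%d\n", rc, intact);
    return 0;
}
```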
CHARACTERISTICS
– Identifiers: BID-31792, CVE-2008-3831, VIGILANCE-VUL-8184
– URL: http://vigilance.aql.fr/vulnerability/8184