The ATI Rage 128 (aka r128) driver in the Linux kernel before 2.6.31-git11 does not properly verify Concurrent Command Engine (CCE) state initialization, which allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly gain privileges via unspecified ioctl calls.
2009-10-22T16:00:00.577
2025-04-09T00:30:58.490
Deferred
CVSSv3.1: 7.8 (HIGH)
AV:L/AC:L/Au:N/C:N/I:N/A:C
3.9
6.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | linux | linux_kernel | < 2.6.31.1 | Yes |
| Operating System | fedoraproject | fedora | 10 | Yes |
| Operating System | canonical | ubuntu_linux | 6.06 | Yes |
| Operating System | canonical | ubuntu_linux | 8.04 | Yes |
| Operating System | canonical | ubuntu_linux | 8.10 | Yes |
| Operating System | canonical | ubuntu_linux | 9.04 | Yes |
| Operating System | canonical | ubuntu_linux | 9.10 | Yes |
| Application | redhat | mrg_realtime | 1.0 | Yes |
| Application | suse | linux_enterprise_debuginfo | 10 | Yes |
| Application | suse | linux_enterprise_debuginfo | 10 | Yes |
| Operating System | opensuse | opensuse | 11.0 | Yes |
| Operating System | suse | linux_enterprise_desktop | 10 | Yes |
| Operating System | suse | linux_enterprise_desktop | 10 | Yes |
| Operating System | suse | linux_enterprise_server | 8 | Yes |
| Operating System | suse | linux_enterprise_server | 10 | Yes |
| Operating System | suse | linux_enterprise_server | 10 | Yes |