Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2010-2803

The drm_ioctl function in drivers/gpu/drm/drm_drv.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.27.53, 2.6.32.x before 2.6.32.21, 2.6.34.x before 2.6.34.6, and 2.6.35.x before 2.6.35.4 allows local users to obtain potentially sensitive information from kernel memory by requesting a large memory-allocation amount.

Published

2010-09-08T20:00:02.963

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 1.9 (LOW)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:P/I:N/A:N

  • Access Vector: LOCAL
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

3.4

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-200
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System linux linux_kernel < 2.6.27.53 Yes
Operating System linux linux_kernel < 2.6.32.21 Yes
Operating System linux linux_kernel < 2.6.34.6 Yes
Operating System linux linux_kernel < 2.6.35.4 Yes
Operating System debian debian_linux 5.0 Yes
Operating System opensuse opensuse 11.1 Yes
Operating System opensuse opensuse 11.3 Yes
Operating System suse linux_enterprise_desktop 11 Yes
Operating System suse linux_enterprise_high_availability_extension 11 Yes
Operating System suse linux_enterprise_real_time 11 Yes
Operating System suse linux_enterprise_server 11 Yes
References