[CVE-2011-2022] agp: fix arbitrary kernel memory writes
Andy Whitcroft
apw at canonical.com
Thu May 26 15:50:28 UTC 2011
CVE-2011-2022
The agp_generic_remove_memory function in
drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 does
not validate a certain start parameter, which allows local users
to gain privileges or cause a denial of service (system crash)
via a crafted AGPIOC_UNBIND agp_ioctl ioctl call, a different
vulnerability than CVE-2011-1745.
This is already fixed and released in Oneiric, Natty, and Lucid arriving
via mainline and stable. Following this email is a patch applicable to
both Maverick and Hardy.
Proposing for Maverick and Hardy.
-apw
More information about the kernel-team
mailing list