PT-2010-1037 · Linux+2 · Linux Kernel+2

Kees Cook · Published 2010-08-20 · Updated 2023-02-13 · CVE-2010-2803

CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

drbd-kmp-default versions (affected versions not specified)
Linux kernel versions prior to 2.6.27.53
Linux kernel versions 2.6.32.x prior to 2.6.32.21
Linux kernel versions 2.6.34.x prior to 2.6.34.6
Linux kernel versions 2.6.35.x prior to 2.6.35.4

Description

The issue affects the confidentiality, integrity, and availability of protected information. It can be exploited locally. The drm ioctl function in the Linux kernel's Direct Rendering Manager (DRM) subsystem allows local users to obtain potentially sensitive information from kernel memory by requesting a large memory-allocation amount.

Recommendations

For Linux kernel versions prior to 2.6.27.53, update to version 2.6.27.53 or later.
For Linux kernel versions 2.6.32.x prior to 2.6.32.21, update to version 2.6.32.21 or later.
For Linux kernel versions 2.6.34.x prior to 2.6.34.6, update to version 2.6.34.6 or later.
For Linux kernel versions 2.6.35.x prior to 2.6.35.4, update to version 2.6.35.4 or later.

As a temporary workaround for the drm ioctl function issue, consider restricting local access to the Direct Rendering Manager (DRM) subsystem until a patch is available.

Exploit

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2015-05302
CVE-2010-2803
DSA-2094-1
RHSA-2010:0842
RHSA-2010_0842

Affected Products

Linux Kernel
Red Hat
Drbd-Kmp-Default