CVE-2013-0913

Description

Integer overflow in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel through 3.8.3, as used in Google Chrome OS before 25.0.1364.173 and other products, allows local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted application that triggers many relocation copies, and potentially leads to a race condition.

CVSS Metrics

• v2.0•HIGH•Score: 7.2AV:L/AC:L/Au:N/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 0.03%• Percentile: 10%

Techniques & Countermeasures

• CWE-189•Numeric Errors

  Weaknesses in this category are related to improper calculation or conversion of numbers.

Affected Systems

• linux•linux_kernel

  ≥ 2.6.37, < 3.0.71 | ≥ 3.1, < 3.2.42 | ≥ 3.3, < 3.4.38 | ≥ 3.5, < 3.8.5

• opensuse•opensuse

  11.4 | 12.1

References (17)

• http://lists.opensuse.org/opensuse-security-announce/2013-05/msg00018.html
• https://bugzilla.redhat.com/show_bug.cgi?id=920471
• http://www.ubuntu.com/usn/USN-1812-1
• http://openwall.com/lists/oss-security/2013/03/11/6
• http://www.ubuntu.com/usn/USN-1809-1
• http://openwall.com/lists/oss-security/2013/03/14/22
• http://www.ubuntu.com/usn/USN-1814-1
• http://openwall.com/lists/oss-security/2013/03/13/9
• https://gerrit.chromium.org/gerrit/45118
• http://rhn.redhat.com/errata/RHSA-2013-0744.html
• http://googlechromereleases.blogspot.com/2013/03/stable-channel-update-for-chrome-os_15.html
• http://www.ubuntu.com/usn/USN-1813-1
• https://lkml.org/lkml/2013/3/11/501
• http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00005.html
• http://git.chromium.org/gitweb/?p=chromiumos/third_party/kernel.git%3Ba=commit%3Bh=c79efdf2b7f68f985922a8272d64269ecd490477
• http://www.ubuntu.com/usn/USN-1811-1
• https://code.google.com/p/chromium-os/issues/detail?id=39733