Integer Signedness Error in DRM Modeset Control Function

Integer Signedness Error in DRM Modeset Control Function

CVE-2011-1013 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

Integer signedness error in the drm_modeset_ctl function in (1) drivers/gpu/drm/drm_irq.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.38 and (2) sys/dev/pci/drm/drm_irq.c in the kernel in OpenBSD before 4.9 allows local users to trigger out-of-bounds write operations, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via a crafted num_crtcs (aka vb_num) structure member in an ioctl argument.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.