An issue was discovered in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Linux kernel through 4.19.13, where a provided address is not checked with access_ok(). A local attacker can craft a malicious IOCTL function call to overwrite arbitrary kernel memory, resulting in a denial of service or privilege escalation.
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Link | Tags |
---|---|
http://www.securityfocus.com/bid/106748 | vdb entry, third party advisory, broken link |
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/log/drivers/gpu/drm/i915/i915_gem_execbuffer.c | release notes, vendor advisory |
http://lists.opensuse.org/opensuse-security-announce/2019-02/msg00042.html | third party advisory, mailing list |
http://www.openwall.com/lists/oss-security/2019/01/23/6 | mailing list, patch, exploit, third party advisory |
https://access.redhat.com/security/cve/cve-2018-20669 | third party advisory |
https://security.netapp.com/advisory/ntap-20190404-0002/ | third party advisory |
https://support.f5.com/csp/article/K32059550 | third party advisory |
https://usn.ubuntu.com/4485-1/ | third party advisory, vendor advisory |