CVE-2012-0044 : Integer overflow in the drm_mode_dirtyfb_ioctl function in drivers/gpu/drm/drm_crtc.c in the Direct Rendering Manager (D

Integer overflow in the drm_mode_dirtyfb_ioctl function in drivers/gpu/drm/drm_crtc.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 3.1.5 allows local users to gain privileges or cause a denial of service (memory corruption) via a crafted ioctl call.

Published 2012-05-17 11:00:36

Updated 2023-02-13 03:24:14

Source Red Hat, Inc.

View at NVD, CVE.org

Vulnerability category: OverflowMemory CorruptionDenial of service

Exploit prediction scoring system (EPSS) score for CVE-2012-0044

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2012-0044

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.8	HIGH	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2012-0044

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2012-0044

http://www.securityfocus.com/bid/51371

Linux Kernel DRM 'drivers/gpu/drm/crm_crtc.c' IOCTL Local Privilege Escalation Vulnerability
Third Party Advisory;VDB Entry
http://rhn.redhat.com/errata/RHSA-2012-0743.html

RHSA-2012:0743 - Security Advisory - Red Hat Customer Portal
Third Party Advisory

CVEs referencing this url
http://www.ubuntu.com/usn/USN-1556-1

USN-1556-1: Linux kernel (EC2) vulnerabilities | Ubuntu security notices
Patch;Third Party Advisory

CVEs referencing this url
http://www.ubuntu.com/usn/USN-1555-1

USN-1555-1: Linux kernel vulnerabilities | Ubuntu security notices
Patch;Third Party Advisory

CVEs referencing this url
http://www.openwall.com/lists/oss-security/2012/01/12/1

oss-security - Re: CVE request - kernel: drm: integer overflow in drm_mode_dirtyfb_ioctl()
Mailing List;Patch;Third Party Advisory
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a5cd335165e31db9dbab636fd29895d41da55dd2
https://bugzilla.redhat.com/show_bug.cgi?id=772894

772894 – (CVE-2012-0044) CVE-2012-0044 kernel: drm: integer overflow in drm_mode_dirtyfb_ioctl()
Issue Tracking;Patch;Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.1.5

Mailing List;Patch;Vendor Advisory
https://github.com/torvalds/linux/commit/a5cd335165e31db9dbab636fd29895d41da55dd2

drm: integer overflow in drm_mode_dirtyfb_ioctl() · torvalds/linux@a5cd335 · GitHub
Patch;Third Party Advisory

Products affected by CVE-2012-0044

Linux » Linux Kernel
Versions before (<) 3.0.13
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Linux » Linux Kernel
Versions from including (>=) 3.1 and before (<) 3.1.5
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions
Canonical » Ubuntu Linux » Version: 10.04
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
Matching versions

Vulnerability Details : CVE-2012-0044

Exploit prediction scoring system (EPSS) score for CVE-2012-0044

CVSS scores for CVE-2012-0044

CWE ids for CVE-2012-0044

References for CVE-2012-0044

Products affected by CVE-2012-0044