[VIM] [CVENEW] New CVE CANs: 2013/03/18 11:00 ; count=2

coley at mitre.org coley at mitre.org
Mon Mar 18 10:04:23 CDT 2013


======================================================
Name: CVE-2013-0913
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0913
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130107
Category: 
Reference: MLIST:[linux-kernel] 20130311 [PATCH] drm/i915: bounds check execbuffer relocations
Reference: URL:https://lkml.org/lkml/2013/3/11/501
Reference: MLIST:[oss-security] 20130311 CVE-2013-0913 Linux kernel i915 integer overflow
Reference: URL:http://openwall.com/lists/oss-security/2013/03/11/6
Reference: MLIST:[oss-security] 20130313 Re: CVE-2013-0913 Linux kernel i915 integer overflow
Reference: URL:http://openwall.com/lists/oss-security/2013/03/13/9
Reference: MLIST:[oss-security] 20130314 Re: CVE-2013-0913 Linux kernel i915 integer overflow
Reference: URL:http://openwall.com/lists/oss-security/2013/03/14/22
Reference: CONFIRM:http://git.chromium.org/gitweb/?p=chromiumos/third_party/kernel.git;a=commit;h=c79efdf2b7f68f985922a8272d64269ecd490477
Reference: CONFIRM:http://googlechromereleases.blogspot.com/2013/03/stable-channel-update-for-chrome-os_15.html
Reference: CONFIRM:https://code.google.com/p/chromium-os/issues/detail?id=39733
Reference: CONFIRM:https://gerrit.chromium.org/gerrit/45118

Integer overflow in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the
i915 driver in the Direct Rendering Manager (DRM) subsystem in the
Linux kernel through 3.8.3, as used in Google Chrome OS before
25.0.1364.173 and other products, allows local users to cause a denial
of service (heap-based buffer overflow) or possibly have unspecified
other impact via a crafted application that triggers many relocation
copies, and potentially leads to a race condition.



======================================================
Name: CVE-2013-0915
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0915
Final-Decision: 
Interim-Decision: 
Modified: 
Proposed: 
Assigned: 20130107
Category: 
Reference: CONFIRM:http://googlechromereleases.blogspot.com/2013/03/stable-channel-update-for-chrome-os_15.html
Reference: CONFIRM:https://code.google.com/p/chromium/issues/detail?id=181083

The GPU process in Google Chrome OS before 25.0.1364.173 allows
attackers to cause a denial of service or possibly have unspecified
other impact via vectors related to an "overflow."





More information about the VIM mailing list