CVE-2013-7445

NameCVE-2013-7445
DescriptionThe Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severityhigh

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)jessie3.16.56-1+deb8u1vulnerable
jessie (security)3.16.74-1vulnerable
stretch4.9.189-3vulnerable
stretch (security)4.9.189-3+deb9u1vulnerable
buster4.19.67-2vulnerable
buster (security)4.19.67-2+deb10u1vulnerable
bullseye5.2.17-1vulnerable
sid5.3.7-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsource(unstable)(unfixed)
linux-2.6source(unstable)(unfixed)

Notes

[buster] - linux <ignored> (Minor issue, requires invasive changes)
[stretch] - linux <ignored> (Minor issue, requires invasive changes)
[jessie] - linux <ignored> (Minor issue, requires invasive changes)
[wheezy] - linux <no-dsa> (Minor issue, requires invasive changes)
[jessie] - linux-4.9 <ignored> (Minor issue, requires invasive changes)
https://bugzilla.kernel.org/show_bug.cgi?id=60533

Search for package or bug name: Reporting problems