CVE-2013-7445

NameCVE-2013-7445
DescriptionThe Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severityhigh

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)stretch4.9.228-1vulnerable
stretch (security)4.9.272-2vulnerable
buster4.19.208-1vulnerable
buster (security)4.19.194-3vulnerable
bullseye5.10.70-1vulnerable
bullseye (security)5.10.46-5vulnerable
bookworm5.14.9-2vulnerable
sid5.14.12-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsource(unstable)(unfixed)
linux-2.6source(unstable)(unfixed)

Notes

[bullseye] - linux <ignored> (Minor issue, requires invasive changes)
[buster] - linux <ignored> (Minor issue, requires invasive changes)
[stretch] - linux <ignored> (Minor issue, requires invasive changes)
[jessie] - linux <ignored> (Minor issue, requires invasive changes)
[wheezy] - linux <no-dsa> (Minor issue, requires invasive changes)
https://bugzilla.kernel.org/show_bug.cgi?id=60533

Search for package or bug name: Reporting problems