Bug 2203831 (CVE-2023-28410) - CVE-2023-28410 hw: Intel: Improper restriction in memory buffer in graphics drivers cause escalation of privilege
Summary: CVE-2023-28410 hw: Intel: Improper restriction in memory buffer in graphics d...
Keywords:
Status: NEW
Alias: CVE-2023-28410
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Nobody
QA Contact:
URL:
Whiteboard:
Depends On: 2041811 2043115 2207644 2207645 2207646 2207647 2207648
Blocks: 2203191
TreeView+ depends on / blocked
 
Reported: 2023-05-15 11:36 UTC by Rohit Keshri
Modified: 2023-07-07 08:32 UTC (History)
44 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the Linux kernel i915 graphics driver that improperly restricts operations within the bounds of a memory buffer. This issue could allow a local user to crash the system or potentially escalate their privileges on the system.
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments (Terms of Use)

Description Rohit Keshri 2023-05-15 11:36:02 UTC 
Improper restriction of operations within the bounds of a memory buffer in some Intel(R) i915 Graphics drivers for linux before kernel version 6.2.10 may allow an authenticated user to potentially enable escalation of privilege via local access.

Refer:
https://github.com/torvalds/linux/commit/3886a86e7e6cc6ce2ce93c440fecd8f42aed0ce7
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00886.html
Comment 4 Alex 2023-05-16 12:24:36 UTC 
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 2207644]
Comment 10 Justin M. Forbes 2023-05-30 17:05:31 UTC 
While it looks as though the main flaw was fixed with kernel 5.16.19, Fedora is currently on the 6.3 series, and well past the intel recommended 6.2.10
Note You need to log in before you can comment on or make changes to this bug.