CVE-2013-7445

NameCVE-2013-7445
DescriptionThe Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated by JavaScript code that creates many CANVAS elements for rendering by Chrome or Firefox.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1000886

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
linux (PTS)jessie, jessie (lts)3.16.84-1vulnerable
stretch (security)4.9.320-2vulnerable
stretch (lts), stretch4.9.320-3vulnerable
buster (security), buster, buster (lts)4.19.316-1vulnerable
bullseye5.10.223-1vulnerable
bullseye (security)5.10.226-1vulnerable
bookworm6.1.115-1vulnerable
bookworm (security)6.1.119-1vulnerable
trixie6.12.5-1vulnerable
sid6.12.6-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
linuxsource(unstable)(unfixed)1000886
linux-2.6source(unstable)(unfixed)

Notes

[bookworm] - linux <ignored> (Minor issue, requires invasive changes)
[bullseye] - linux <ignored> (Minor issue, requires invasive changes)
[buster] - linux <ignored> (Minor issue, requires invasive changes)
[stretch] - linux <ignored> (Minor issue, requires invasive changes)
[jessie] - linux <ignored> (Minor issue, requires invasive changes)
[wheezy] - linux <no-dsa> (Minor issue, requires invasive changes)
https://bugzilla.kernel.org/show_bug.cgi?id=60533

Search for package or bug name: Reporting problems