Severity : High
Published : 2011-05-09
Modified : 2012-03-19
Base Score : 7.2
Details : Integer signedness error in the drm_modeset_ctl function in (1) drivers/gpu/drm/drm_irq.c in the Direct Rendering Manager (DRM) subsystem in the Linux kernel before 2.6.38 and (2) sys/dev/pci/drm/drm_irq.c in the kernel in OpenBSD before 4.9 allows local users to trigger out-of-bounds write operations, and consequently cause a denial of service (system crash) or possibly have unspecified other impact, via a crafted num_crtcs (aka vb_num) structure member in an ioctl argument.
Product/Version : MVL6 Kernel 2.6.27  
Carrier Grade CGE 6.0  

CVE Vulnerabilities List CVE-2011