VYPR
Unrated severity · NVD Advisory · Published Mar 18, 2013 · Updated Apr 29, 2026

CVE-2013-0913

Description

Integer overflow in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the i915 driver in the Direct Rendering Manager (DRM) subsystem in the Linux kernel through 3.8.3, as used in Google Chrome OS before 25.0.1364.173 and other products, allows local users to cause a denial of service (heap-based buffer overflow) or possibly have unspecified other impact via a crafted application that triggers many relocation copies, and potentially leads to a race condition.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An integer overflow in the Linux kernel i915 DRM driver allows local users to cause a heap-based buffer overflow leading to denial-of-service or privilege escalation.

Vulnerability

An integer overflow flaw exists in drivers/gpu/drm/i915/i915_gem_execbuffer.c in the i915 driver of the Direct Rendering Manager (DRM) subsystem in the Linux kernel through version 3.8.3. The bug occurs when handling the allocation of a buffer used for relocation copies; a crafted application that triggers many relocation copies can overflow a size calculation, leading to a heap-based buffer overflow. The vulnerability is also present in Google Chrome OS before version 25.0.1364.173 [1][2].
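
The bug class described above (a size calculation that wraps before the allocation is made), shown beside a bounds-checked form as an added C example. It is not the kernel's code or the upstream fix; `reloc_entry`, `exec_object`, both functions and the 32-byte entry size are hypothetical, and the sample counts are constructed.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for illustration; not the i915 structures. */
struct reloc_entry { uint64_t v[4]; };              /* 32 bytes per entry */
struct exec_object { uint32_t relocation_count; };  /* caller-controlled */

/* Unchecked pattern: the running total and the byte size are both computed
 * in 32 bits, so a large total wraps to a small allocation size. */
static uint32_t unchecked_alloc_size(const struct exec_object *objs, size_t n)
{
    uint32_t total = 0;
    for (size_t i = 0; i < n; i++)
        total += objs[i].relocation_count;
    return total * (uint32_t)sizeof(struct reloc_entry);
}

/* Checked pattern: refuse any count that would push the running total past
 * the largest entry count whose byte size still fits in an int.
 * Returns 0 and stores the size in *bytes, or -1 if the request is rejected. */
static int checked_alloc_size(const struct exec_object *objs, size_t n,
                              size_t *bytes)
{
    const uint32_t max_total = INT_MAX / sizeof(struct reloc_entry);
    uint32_t total = 0;
    for (size_t i = 0; i < n; i++) {
        if (objs[i].relocation_count > max_total - total)
            return -1;
        total += objs[i].relocation_count;
    }
    *bytes = (size_t)total * sizeof(struct reloc_entry);
    return 0;
}

/* Constructed sample input: each count is individually within the limit,
 * but the sum times the entry size exceeds 32 bits. */
static const struct exec_object sample[] = {
    { 0x03000000u }, { 0x03000000u }, { 0x02000001u },
};

int main(void)
{
    size_t bytes = 0;
    printf("unchecked size: %u bytes\n",
           (unsigned)unchecked_alloc_size(sample, 3));
    printf("checked: %d\n", checked_alloc_size(sample, 3, &bytes));
    return 0;
}
```

With the constructed input the unchecked size wraps to 32 bytes, room for a single entry, while the checked form rejects the request at the second object.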

Exploitation

A local user with console access can exploit this vulnerability by running a specially crafted application that causes an integer overflow during the relocation copy buffer allocation. The overflow can corrupt heap memory, and the condition potentially involves a race window that makes exploitation more complex but still feasible [1][2].

Impact

Successful exploitation allows a local attacker to cause a denial of service (system crash) or possibly escalate privileges to gain higher-level access on the affected system [1][3][4]. The impact is considered important by Red Hat and Ubuntu, with the potential for privilege escalation [1].

Mitigation

Updates are available from Red Hat (RHSA-2013-0744) [1] and Ubuntu (USN-1813-1 and USN-1812-1) [3][4]. Users should apply the patched kernel versions provided by their distribution. No workaround is documented in the available references, and the CVE is not listed in the KEV catalog.

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
