[CVE-2011-2022] agp: fix arbitrary kernel memory writes
Tim Gardner
tim.gardner at canonical.com
Thu May 26 16:04:14 UTC 2011
On 05/26/2011 09:50 AM, Andy Whitcroft wrote:
> CVE-2011-2022
>
> The agp_generic_remove_memory function in
> drivers/char/agp/generic.c in the Linux kernel before 2.6.38.5 does
> not validate a certain start parameter, which allows local users
> to gain privileges or cause a denial of service (system crash)
> via a crafted AGPIOC_UNBIND agp_ioctl ioctl call, a different
> vulnerability than CVE-2011-1745.
>
> This is already fixed and released in Oneiric, Natty, and Lucid arriving
> via mainline and stable. Following this email is a patch applicable to
> both Maverick and Hardy.
>
> Proposing for Maverick and Hardy.
>
> -apw
>
Acked-by: Tim Gardner <tim.gardner at canonical.com>
--
Tim Gardner tim.gardner at canonical.com
More information about the kernel-team
mailing list