[CVE-2011-2700] si4713-i2c: avoid potential buffer overflow on si4713
apw at canonical.com
Mon Sep 19 09:47:58 UTC 2011
Multiple buffer overflows in the si4713_write_econtrol_string
function in drivers/media/radio/si4713-i2c.c in the Linux kernel
before 126.96.36.199 on the N900 platform might allow local users to
cause a denial of service or have unspecified other impact via a
crafted s_ext_ctrls operation with a (1) V4L2_CID_RDS_TX_PS_NAME or
(2) V4L2_CID_RDS_TX_RADIO_TEXT control ID.
The fix for this issue has hit oneiric, natty, and lucid via mainline
and stable. The affected driver was introduced between v2.6.31 and
v2.6.32 therefore lucid/fsl-imx51 and hardy are unaffected. Following
this email is a single patch for maverick, maverick/ti-omap4, natty,
and natty/ti-omap4. This is a simple cherry-pick from mainline.
Proposing for maverick, maverick/ti-omap4, natty, and natty/ti-omap4.
More information about the kernel-team