[CVE-2011-2700] si4713-i2c: avoid potential buffer overflow on si4713

Andy Whitcroft apw at canonical.com
Mon Sep 19 09:47:58 UTC 2011

	Multiple buffer overflows in the si4713_write_econtrol_string
	function in drivers/media/radio/si4713-i2c.c in the Linux kernel
	before on the N900 platform might allow local users to
	cause a denial of service or have unspecified other impact via a
	crafted s_ext_ctrls operation with a (1) V4L2_CID_RDS_TX_PS_NAME or
	(2) V4L2_CID_RDS_TX_RADIO_TEXT control ID.

The fix for this issue has hit oneiric, natty, and lucid via mainline
and stable.  The affected driver was introduced between v2.6.31 and
v2.6.32 therefore lucid/fsl-imx51 and hardy are unaffected.  Following
this email is a single patch for maverick, maverick/ti-omap4, natty,
and natty/ti-omap4.  This is a simple cherry-pick from mainline.

Proposing for maverick, maverick/ti-omap4, natty, and natty/ti-omap4.


More information about the kernel-team mailing list