APPLIED: [CVE-2011-2700] si4713-i2c: avoid potential buffer overflow on si4713
Tim Gardner
tim.gardner at canonical.com
Mon Sep 19 13:00:48 UTC 2011
On 09/19/2011 03:47 AM, Andy Whitcroft wrote:
> CVE-2011-2700
> Multiple buffer overflows in the si4713_write_econtrol_string
> function in drivers/media/radio/si4713-i2c.c in the Linux kernel
> before 2.6.39.4 on the N900 platform might allow local users to
> cause a denial of service or have unspecified other impact via a
> crafted s_ext_ctrls operation with a (1) V4L2_CID_RDS_TX_PS_NAME or
> (2) V4L2_CID_RDS_TX_RADIO_TEXT control ID.
>
> The fix for this issue has hit oneiric, natty, and lucid via mainline
> and stable. The affected driver was introduced between v2.6.31 and
> v2.6.32 therefore lucid/fsl-imx51 and hardy are unaffected. Following
> this email is a single patch for maverick, maverick/ti-omap4, natty,
> and natty/ti-omap4. This is a simple cherry-pick from mainline.
>
> Proposing for maverick, maverick/ti-omap4, natty, and natty/ti-omap4.
>
> -apw
>
--
Tim Gardner tim.gardner at canonical.com
More information about the kernel-team
mailing list