APPLIED: [CVE-2011-2700] si4713-i2c: avoid potential buffer overflow on si4713

Tim Gardner tim.gardner at
Mon Sep 19 13:00:48 UTC 2011

On 09/19/2011 03:47 AM, Andy Whitcroft wrote:
> CVE-2011-2700
> 	Multiple buffer overflows in the si4713_write_econtrol_string
> 	function in drivers/media/radio/si4713-i2c.c in the Linux kernel
> 	before on the N900 platform might allow local users to
> 	cause a denial of service or have unspecified other impact via a
> 	crafted s_ext_ctrls operation with a (1) V4L2_CID_RDS_TX_PS_NAME or
> 	(2) V4L2_CID_RDS_TX_RADIO_TEXT control ID.
> The fix for this issue has hit oneiric, natty, and lucid via mainline
> and stable.  The affected driver was introduced between v2.6.31 and
> v2.6.32 therefore lucid/fsl-imx51 and hardy are unaffected.  Following
> this email is a single patch for maverick, maverick/ti-omap4, natty,
> and natty/ti-omap4.  This is a simple cherry-pick from mainline.
> Proposing for maverick, maverick/ti-omap4, natty, and natty/ti-omap4.
> -apw

Tim Gardner tim.gardner at

More information about the kernel-team mailing list