ACK: [CVE-2012-0044] drm clip overflow
Stefan Bader
stefan.bader at canonical.com
Wed Jan 18 13:13:26 UTC 2012
On 18.01.2012 13:54, Andy Whitcroft wrote:
> CVE-2012-0044
> There is a potential integer overflow in
> drm_mode_dirtyfb_ioctl() if userspace passes in a large
> num_clips. The call to kmalloc would allocate a small
> buffer, and the call to fb->funcs->dirty may result in a
> memory corruption.
>
> This problem was introduced in maverick, and fixes for it have hit
> oneiric and later via mainline and stable. Following this email is a
> patch for maverick, maverick/ti-omap4, natty and natty/ti-omap4. This
> is a simple cherry-pick from mainline.
>
> Proposing for maverick, maverick/ti-omap4, natty and natty/ti-omap4.
>
> -apw
>
This time hopefully hitting the right one...
More information about the kernel-team
mailing list