ACK: [CVE-2012-0044] drm clip overflow

Stefan Bader stefan.bader at canonical.com
Wed Jan 18 13:13:26 UTC 2012


On 18.01.2012 13:54, Andy Whitcroft wrote:
> CVE-2012-0044
> 	There is a potential integer overflow in
> 	drm_mode_dirtyfb_ioctl() if userspace passes in a large
> 	num_clips. The call to kmalloc would allocate a small
> 	buffer, and the call to fb->funcs->dirty may result in a
> 	memory corruption.
> 
> This problem was introduced in maverick, and fixes for it have hit
> oneiric and later via mainline and stable.  Following this email is a
> patch for maverick, maverick/ti-omap4, natty and natty/ti-omap4.  This
> is a simple cherry-pick from mainline.
> 
> Proposing for maverick, maverick/ti-omap4, natty and natty/ti-omap4.
> 
> -apw
> 
This time hopefully hitting the right one...




More information about the kernel-team mailing list