Ack: Re: [CVE-2012-0044] drm clip overflow

Herton Ronaldo Krzesinski herton.krzesinski at canonical.com
Wed Jan 18 13:42:20 UTC 2012


On Wed, Jan 18, 2012 at 12:54:13PM +0000, Andy Whitcroft wrote:
> CVE-2012-0044
> 	There is a potential integer overflow in
> 	drm_mode_dirtyfb_ioctl() if userspace passes in a large
> 	num_clips. The call to kmalloc would allocate a small
> 	buffer, and the call to fb->funcs->dirty may result in a
> 	memory corruption.
> 
> This problem was introduced in maverick, and fixes for it have hit
> oneiric and later via mainline and stable.  Following this email is a
> patch for maverick, maverick/ti-omap4, natty and natty/ti-omap4.  This
> is a simple cherry-pick from mainline.
> 
> Proposing for maverick, maverick/ti-omap4, natty and natty/ti-omap4.
> 
> -apw
> 
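The size wrap described in the quoted CVE text, as an added example that is not part of the original message or of the kernel patch: a userspace C model of the allocation-size calculation next to a checked version. The 32-bit arithmetic, `struct clip_rect`, the `MAX_CLIPS` value and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Stand-in for one clip rectangle: four 16-bit coordinates, 8 bytes. */
struct clip_rect { uint16_t x1, y1, x2, y2; };

/* Hypothetical upper bound for this example; not taken from the page. */
#define MAX_CLIPS 256u

/* Unchecked size calculation, modelled in 32 bits (assumption: a build
 * where the allocation size is 32 bits wide). Wraps modulo 2^32. */
static uint32_t alloc_size_unchecked(uint32_t num_clips)
{
    return num_clips * (uint32_t)sizeof(struct clip_rect);
}

/* Bytes the consumer of the buffer would treat as valid beyond what the
 * wrapped size actually allocated. Zero means the sizes agree. */
static uint64_t bytes_short(uint32_t num_clips)
{
    uint64_t wanted = (uint64_t)num_clips * sizeof(struct clip_rect);
    return wanted - alloc_size_unchecked(num_clips);
}

/* Checked calculation: returns 0 and stores the size, or -1 to reject. */
static int alloc_size_checked(uint32_t num_clips, uint32_t *size)
{
    /* Generic guard: the product must fit in 32 bits. */
    if (num_clips > UINT32_MAX / sizeof(struct clip_rect))
        return -1;
    /* Policy guard: refuse counts above a fixed cap. */
    if (num_clips == 0 || num_clips > MAX_CLIPS)
        return -1;
    *size = num_clips * (uint32_t)sizeof(struct clip_rect);
    return 0;
}

int main(void)
{
    uint32_t big = 0x20000001u, size = 0;  /* constructed sample count */
    printf("unchecked size for %u clips: %u bytes\n",
           (unsigned)big, (unsigned)alloc_size_unchecked(big));
    printf("buffer is short by %llu bytes\n",
           (unsigned long long)bytes_short(big));
    printf("checked: %s\n",
           alloc_size_checked(big, &size) ? "rejected" : "accepted");
    return 0;
}
```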



