[SRU F/OEM-5.14/J/OEM-5.17 PATCH 0/3] CVE-2021-33655
Cengiz Can
cengiz.can at canonical.com
Fri Aug 5 14:13:42 UTC 2022
On Fri, 2022-08-05 at 14:15 +0200, Stefan Bader wrote:
> On 05.08.22 12:09, Cengiz Can wrote:
> > [Impact]
> > When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,
> > kernel will write memory out of bounds.
> >
> > [Fix]
> > Fixes were cherry-picked from closest stable trees and upstream.
> >
> > MITRE entry points to a merge commit that contain six patches. Three of
> > those were considered relevant.
> >
> > [Test case]
> > Compile and boot tested on KVM only.
> >
> > [Potential regression]
> > Due to self contained changes on >5.4, seems minimal.
> >
> > Helge Deller (3):
> > fbcon: Disallow setting font bigger than screen size
> > fbcon: Prevent that screen size is smaller than font size
> > fbmem: Check virtual screen sizes in fb_set_var()
> >
> > drivers/video/fbdev/core/fbcon.c | 33 ++++++++++++++++++++++++++++++++
> > drivers/video/fbdev/core/fbmem.c | 14 +++++++++++++-
> > include/linux/fbcon.h | 4 ++++
> > 3 files changed, 50 insertions(+), 1 deletion(-)
> >
>
> I wonder whether you should, instead of submitting for jammy:linux-oem-5.17 do
> submissions for jammy:linux-hwe-5.17 instead...
Thanks for the heads up!
Next time, I'll target linux-hwe-5.17 for 5.17.
>
> -Stefan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20220805/8db655e1/attachment.sig>
More information about the kernel-team
mailing list