[SRU Bionic PATCH 0/3] CVE-2021-33655
cengiz.can at canonical.com
Fri Aug 5 15:54:32 UTC 2022
When sending malicous data to kernel by ioctl cmd FBIOPUT_VSCREENINFO,
kernel will write memory out of bounds.
MITRE entry points to a merge commit that contain six patches. Three of
those were considered relevant.
commit 6c11df58fd1a ("fbmem: Check virtual screen sizes in fb_set_var()")
commit e64242caef18 ("fbcon: Prevent that screen size is smaller than font size")
commit 65a01e601dbb ("fbcon: Disallow setting font bigger than screen size")
Only the first of those three were backported as far as 4.14 stable.
Second and third patches have backport candidates that are under review.
(I didn't pick CONFIG_FB is_console_locked patch. It seems irrelevant).
Compile and boot tested on KVM only.
Somehow high due to changes being very new and not accepted to stable
tree yet. fbcon must be thoroughly tested.
Helge Deller (3):
fbcon: Disallow setting font bigger than screen size
fbcon: Prevent that screen size is smaller than font size
fbmem: Check virtual screen sizes in fb_set_var()
drivers/video/fbdev/core/fbcon.c | 33 ++++++++++++++++++++++++++++++++
drivers/video/fbdev/core/fbmem.c | 20 ++++++++++++++++---
include/linux/fbcon.h | 4 ++++
3 files changed, 54 insertions(+), 3 deletions(-)
More information about the kernel-team