APPLIED[Kinetic]: [SRU][OEM-6.0/HWE-5.19][PATCH 0/1] CVE-2022-36280
Stefan Bader
stefan.bader at canonical.com
Tue Mar 28 09:50:28 UTC 2023
On 17.03.23 21:26, Yuxuan Luo wrote:
> [Impact]
> A potential out-of-bound write vulnerability was found at drm/vmwgfx. Since the
> dimension parameter is not sanity checked, it is possible to overflow the
> memcpy, leading to crashes.
>
> [Backport]
> It is a clean cherry pick.
>
> [Test]
> Compile and smoke tested by modprobe the vmwgfx mod.
>
> [Potential Regression]
> Expecting low risk as the commit only add two condition check.
>
> Zack Rusin (1):
> drm/vmwgfx: Validate the box size for the snooped cursor
>
> drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
Applied to kinetic:linux/master-next. Thanks.
-Stefan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xE8675DEECBEECEA3.asc
Type: application/pgp-keys
Size: 44613 bytes
Desc: OpenPGP public key
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20230328/4141a8c2/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20230328/4141a8c2/attachment-0001.sig>
More information about the kernel-team
mailing list