[CVE-2011-1746] agp: fix OOM and buffer overflow
Andy Whitcroft
apw at canonical.com
Fri Jun 3 10:58:18 UTC 2011
On Thu, Jun 02, 2011 at 08:03:57AM -0700, Tim Gardner wrote:
> On 06/02/2011 09:38 AM, Andy Whitcroft wrote:
> >CVE-2011-1746
> > Multiple integer overflows in the (1) agp_allocate_memory and (2)
> > agp_create_user_memory functions in drivers/char/agp/generic.c
> > in the Linux kernel before 2.6.38.5 allow local users to trigger
> > buffer overflows, and consequently cause a denial of service
> > (system crash) or possibly have unspecified other impact, via
> > vectors related to calls that specify a large number of memory
> > pages.
> >
> >This fix was applied to Oneiric, Natty, and Lucid via mainline and
> >stable updates. Following this email is a patch which applies to both
> >Hardy and Maverick, this is a simple cherry-pick from mainline.
> >
> >Proposing for Hardy and Maverick.
> >
> >-apw
> >
>
> Thought you did this one already?
>
> Acked-by: Tim Gardner <tim.gardner at canonical.com>
Three different commits it seems across the same driver.
-apw
More information about the kernel-team
mailing list