APPLIED: [CVE-2012-0044] drm clip overflow
Tim Gardner
rtg.canonical at gmail.com
Wed Jan 18 15:24:05 UTC 2012
On 01/18/2012 05:54 AM, Andy Whitcroft wrote:
> CVE-2012-0044
> There is a potential integer overflow in
> drm_mode_dirtyfb_ioctl() if userspace passes in a large
> num_clips. The call to kmalloc would allocate a small
> buffer, and the call to fb->funcs->dirty may result in a
> memory corruption.
>
> This problem was introduced in maverick, and fixes for it have hit
> oneiric and later via mainline and stable. Following this email is a
> patch for maverick, maverick/ti-omap4, natty and natty/ti-omap4. This
> is a simple cherry-pick from mainline.
>
> Proposing for maverick, maverick/ti-omap4, natty and natty/ti-omap4.
>
> -apw
>
--
Tim Gardner tim.gardner at canonical.com
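
Added example, not part of the original message or of the kernel patch it refers to: a user-space C model of the size computation described in the quoted advisory, showing how a large `num_clips` makes a 32-bit `count * sizeof` wrap to a small allocation size, next to a bounded version. The `clip_rect` layout, the `MAX_CLIPS` cap and both function names are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Stand-in for the per-clip rectangle; the layout is an assumption. */
struct clip_rect { uint16_t x1, y1, x2, y2; };

/* Hypothetical upper bound on the clip count, chosen for this example. */
#define MAX_CLIPS 256u

/* Unchecked: the multiplication is done modulo 2^32, so a large
 * num_clips yields a size far smaller than the data to be copied. */
uint32_t unchecked_alloc_size(uint32_t num_clips)
{
    return num_clips * (uint32_t)sizeof(struct clip_rect);
}

/* Checked: reject out-of-range counts before multiplying.
 * Returns 0 and stores the size on success, -1 on rejection. */
int checked_alloc_size(uint32_t num_clips, uint32_t *size_out)
{
    if (num_clips == 0 || num_clips > MAX_CLIPS)
        return -1;
    /* Generic overflow guard, independent of the cap above. */
    if (num_clips > UINT32_MAX / sizeof(struct clip_rect))
        return -1;
    *size_out = num_clips * (uint32_t)sizeof(struct clip_rect);
    return 0;
}

int main(void)
{
    uint32_t big = 0x20000001u;   /* constructed sample value */
    uint32_t size = 0;

    printf("unchecked size for %u clips: %u bytes\n",
           (unsigned)big, (unsigned)unchecked_alloc_size(big));
    printf("checked result for %u clips: %d\n",
           (unsigned)big, checked_alloc_size(big, &size));
    if (checked_alloc_size(4, &size) == 0)
        printf("checked size for 4 clips: %u bytes\n", (unsigned)size);
    return 0;
}
```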