[linux-yocto] [PATCH 4/4] drm/vmwgfx: limit the number of mip levels in vmw_gb_surface_define_ioctl()

2017-08-17 Thread jianchuan.wang
From: Vladis Dronov commit: ee9c4e681ec4f58e42a83cb0c22a0289ade1aacf upstream The 'req->mip_levels' parameter in vmw_gb_surface_define_ioctl() is a user-controlled 'uint32_t' value which is used as a loop count limit. This can lead to a kernel lockup and DoS. Add check for

[linux-yocto] [PATCH 3/4] ACPICA: Namespace: fix operand cache leak

2017-08-17 Thread jianchuan.wang
From: Seunghun Han commit 3b2d69114fefa474fca542e51119036dceb4aa6f upstream ACPICA commit a23325b2e583556eae88ed3f764e457786bf4df6 I found some ACPI operand cache leaks in ACPI early abort cases. Boot log of ACPI operand cache leak is as follows: >[0.174332] ACPI:

[linux-yocto] [PATCH 2/4] char: lp: fix possible integer overflow in lp_setup()

2017-08-17 Thread jianchuan.wang
From: Willy Tarreau commit 3e21f4af170bebf47c187c1ff8bf155583c9f3b1 upstream The lp_setup() code doesn't apply any bounds checking when passing "lp=none", and only in this case, resulting in an overflow of the parport_nr[] array. All versions in Git history are affected.

[linux-yocto] [linux-yocto-4.10][PATCH 0/4] For CVE-2017-8890, CVE-2017-1000363, CVE-2017-11472, CVE-2017-7346

2017-08-17 Thread jianchuan.wang
This series of patches is for CVEs, including CVE-2017-8890, CVE-2017-1000363, CVE-2017-11472, CVE-2017-7346 Eric Dumazet (1): dccp/tcp: do not inherit mc_list from parent Seunghun Han (1): ACPICA: Namespace: fix operand cache leak Vladis Dronov (1): drm/vmwgfx: limit the number of mip

[linux-yocto] [PATCH 1/4] dccp/tcp: do not inherit mc_list from parent

2017-08-17 Thread jianchuan.wang
From: Eric Dumazet commit 657831ffc38e30092a2d5f03d385d710eb88b09a upstream syzkaller found a way to trigger double frees from ip_mc_drop_socket(). It turns out that we leave a copy of parent mc_list at accept() time, which is very bad. Very similar to commit 8b485ce69876