** Changed in: linux-armadaxp (Ubuntu Maverick)
Status: New => Invalid
** Description changed:
- There is a potential integer overflow in drm_mode_dirtyfb_ioctl() if
- userspace passes in a large num_clips. The call to kmalloc would
- allocate a small buffer, and the call to fb->funcs->dirty may result in
- a memory corruption.
+ Integer overflow in the drm_mode_dirtyfb_ioctl function in
+ drivers/gpu/drm/drm_crtc.c in the Direct Rendering Manager (DRM)
+ subsystem in the Linux kernel before 3.1.5 allows local users to gain
+ privileges or cause a denial of service (memory corruption) via a
+ crafted ioctl call.
Break-Fix: 884840aa3ce3214259e69557be5b4ce0d781ffa4
a5cd335165e31db9dbab636fd29895d41da55dd2
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/917838
Title:
CVE-2012-0044
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/917838/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
