** Changed in: linux-armadaxp (Ubuntu Maverick) Status: New => Invalid
** Description changed: - There is a potential integer overflow in drm_mode_dirtyfb_ioctl() if - userspace passes in a large num_clips. The call to kmalloc would - allocate a small buffer, and the call to fb->funcs->dirty may result in - a memory corruption. + Integer overflow in the drm_mode_dirtyfb_ioctl function in + drivers/gpu/drm/drm_crtc.c in the Direct Rendering Manager (DRM) + subsystem in the Linux kernel before 3.1.5 allows local users to gain + privileges or cause a denial of service (memory corruption) via a + crafted ioctl call. Break-Fix: 884840aa3ce3214259e69557be5b4ce0d781ffa4 a5cd335165e31db9dbab636fd29895d41da55dd2 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/917838 Title: CVE-2012-0044 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/917838/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs