Bug 398363 (CVE-2012-0044) - Kernel: drm: integer overflow in drm_mode_dirtyfb_ioctl() (CVE-2012-0044)
Status: RESOLVED FIXED
Alias: CVE-2012-0044
Product: Gentoo Security
Classification: Unclassified
Component: Kernel
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Kernel Security
URL: https://bugzilla.redhat.com/show_bug....
Reported: 2012-01-10 11:03 UTC by Agostino Sarubbo
Modified: 2018-04-04 17:52 UTC
Description Agostino Sarubbo gentoo-dev 2012-01-10 11:03:48 UTC
From redhat bugzilla at $URL:

There is a potential integer overflow in drm_mode_dirtyfb_ioctl() if userspace
passes in a large num_clips.  The call to kmalloc would allocate a small
buffer, and the call to fb->funcs->dirty may result in a memory corruption.

Reported-by: Haogang Chen <haogangchen@gmail.com>
Signed-off-by: Xi Wang <xi.wang@gmail.com>

Upstream commit:
http://git.kernel.org/linus/a5cd335165e31db9dbab636fd29895d41da55dd2

Acknowledgements:

Red Hat would like to thank Chen Haogang for reporting this issue.
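
The size calculation described in the report, as an added example that is not part of the original bug or the kernel source: a simplified user-space model showing how a large count wraps the allocation size and how a bounded count prevents it. `struct clip_rect`, `MAX_CLIPS` and the function names are assumptions made for illustration, and the 32-bit multiplication models a platform where `size_t` is 32 bits.

```c
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-in for a clip rectangle: four 16-bit coordinates. */
struct clip_rect { uint16_t x1, y1, x2, y2; };
_Static_assert(sizeof(struct clip_rect) == 8, "model assumes 8-byte rects");

#define MAX_CLIPS 256u /* hypothetical upper bound chosen for this example */

/* Unchecked pattern: count * element size in 32-bit arithmetic.
 * A large caller-supplied count wraps and yields a tiny size. */
uint32_t size_unchecked(uint32_t num_clips)
{
    return num_clips * (uint32_t)sizeof(struct clip_rect);
}

/* Bytes a consumer walking num_clips entries would touch beyond the
 * (wrapped) allocation: true requirement minus what was allocated. */
uint64_t shortfall(uint32_t num_clips)
{
    uint64_t needed = (uint64_t)num_clips * sizeof(struct clip_rect);
    return needed - size_unchecked(num_clips);
}

/* Hardened pattern: bound the count before multiplying.
 * Returns 0 and stores the size on success, -1 if the count is rejected. */
int size_checked(uint32_t num_clips, uint32_t *out)
{
    if (num_clips > MAX_CLIPS)
        return -1; /* reject before any arithmetic on the count */
    if (num_clips > UINT32_MAX / sizeof(struct clip_rect))
        return -1; /* generic wrap check, kept as defense in depth */
    *out = num_clips * (uint32_t)sizeof(struct clip_rect);
    return 0;
}

int main(void)
{
    uint32_t big = 0x20000001u; /* constructed sample count */
    uint32_t sz = 0;

    printf("unchecked size for %u clips: %u bytes\n", big, size_unchecked(big));
    printf("shortfall: %llu bytes\n", (unsigned long long)shortfall(big));
    printf("checked, large count: %d\n", size_checked(big, &sz));
    printf("checked, 4 clips: %d (size %u)\n", size_checked(4, &sz), sz);
    return 0;
}
```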
Comment 1 Justin Lecher (RETIRED) gentoo-dev 2016-10-23 07:37:18 UTC
commit 3abc172fa261687b200001ed289c0c2c0c6f304a
Author: Justin Lecher <jlec@gentoo.org>
Date:   Sun Oct 23 09:35:42 2016 +0200

    sys-kernel/aufs-sources: Bump to latest genpatches and linux release to mitigate CVE-2012-0044

    Gentoo-Bug: https://bugs.gentoo.org/show_bug.cgi?id=398363

    Package-Manager: portage-2.3.2
    Signed-off-by: Justin Lecher <jlec@gentoo.org>

    https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3abc172fa261687b200001ed289c0c2c0c6f304a
Comment 2 Aaron Bauman (RETIRED) gentoo-dev 2018-04-04 17:52:00 UTC
There are no longer any 2.x kernels or <3.1.5 available in the repository with the exception of sys-kernel/xbox-sources which is unsupported by security.