From redhat bugzilla at $URL: There is a potential integer overflow in drm_mode_dirtyfb_ioctl() if userspace passes in a large num_clips. The call to kmalloc would allocate a small buffer, and the call to fb->funcs->dirty may result in a memory corruption. Reported-by: Haogang Chen <haogangchen@gmail.com> Signed-off-by: Xi Wang <xi.wang@gmail.com> Upstream commit: http://git.kernel.org/linus/a5cd335165e31db9dbab636fd29895d41da55dd2 Acknowledgements: Red Hat would like to thank Chen Haogang for reporting this issue.
commit 3abc172fa261687b200001ed289c0c2c0c6f304a Author: Justin Lecher <jlec@gentoo.org> Date: Sun Oct 23 09:35:42 2016 +0200 sys-kernel/aufs-sources: Bump to latest genpatches and linux release to mitigate CVE-2012-0044 Gentoo-Bug: https://bugs.gentoo.org/show_bug.cgi?id=398363 Package-Manager: portage-2.3.2 Signed-off-by: Justin Lecher <jlec@gentoo.org> https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=3abc172fa261687b200001ed289c0c2c0c6f304a
There are no longer any 2.x kernels or <3.1.5 available in the repository with the exception of sys-kernel/xbox-sources which is unsupported by security.