On 12/28/25 14:17, Greg Kroah-Hartman wrote:
The UFX_IOCTL_REPORT_DAMAGE ioctl does not properly copy data from
userspace to kernelspace, and instead directly references the memory,
which can cause problems if invalid data is passed from userspace. Fix
this all up by correctly copying the memory before accessing it within
the kernel.

Reported-by: Tianchu Chen <[email protected]>
Cc: stable <[email protected]>
Cc: Steve Glendinning <[email protected]>
Cc: Helge Deller <[email protected]>
Signed-off-by: Greg Kroah-Hartman <[email protected]>
---
drivers/video/fbdev/smscufx.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)

applied to fbdev git tree.
Thanks!
Helge