On Mon, 23 Apr 2012 04:06:41 -0400, Xi Wang <[email protected]> wrote: > On 32-bit systems, a large args->buffer_count from userspace via ioctl > may overflow the allocation size, leading to out-of-bounds access. > > This vulnerability was introduced in commit 8408c282 ("drm/i915: > First try a normal large kmalloc for the temporary exec buffers"). > > Signed-off-by: Xi Wang <[email protected]> > Cc: Chris Wilson <[email protected]> > Cc: [email protected] Reviewed-by: Chris Wilson <[email protected]> -Chris
-- Chris Wilson, Intel Open Source Technology Centre -- To unsubscribe from this list: send the line "unsubscribe stable" in the body of a message to [email protected] More majordomo info at http://vger.kernel.org/majordomo-info.html
