** Description changed: - [execution in the early microcode loader x86/intel] Guard against stack - overflow in the loader mc_saved_tmp is a static array allocated on the - stack, we need to make sure mc_saved_count stays within its bounds, - otherwise we're overflowing the stack in _save_mc(). A specially crafted - microcode header could lead to a kernel crash or potentially kernel - execution. + [execution in the early microcode loader x86/intel] + Guard against stack overflow in the loader + mc_saved_tmp is a static array allocated on the stack, we need to make sure mc_saved_count stays within its bounds, otherwise we're overflowing the stack in _save_mc(). A specially crafted microcode header could lead to a kernel crash or potentially kernel execution. Break-Fix: ec400ddeff200b068ddc6c70f7321f49ecf32ed5 f84598bd7c851f8b0bf8cd0d7c3be0d73c432ff4
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1438504 Title: CVE-2015-2666 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1438504/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
