** Description changed: - overflow of cliprect kmalloc as args->num_cliprects is not bounded and - passed in via a user ioctl + Integer overflow in the i915_gem_execbuffer2 function in + drivers/gpu/drm/i915/i915_gem_execbuffer.c in the Direct Rendering + Manager (DRM) subsystem in the Linux kernel before 3.3.5 on 32-bit + platforms allows local users to cause a denial of service (out-of-bounds + write) or possibly have unspecified other impact via a crafted ioctl + call. Break-Fix: 8408c282f0cf34ee166df5f842f2861d245407fd ed8cd3b2cd61004cab85380c52b1817aca1ca49b
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1003659 Title: CVE-2012-2383 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1003659/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
