Comment 3 for bug 647071
Revision history for this message
| Leann Ogasawara (leannogasawara) wrote | #3 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
0e1f616
(Get the code!)
3 patches to resolve CVE-2010-2962 were embargoed until Oct 4. They are meant to prevent a local root escalation hole in the i915 driver. These patches should also be included in this day 0 kernel upload.
http://
drm/i915: Rephrase pwrite bounds checking to avoid any potential overflow
CVE-2010-2962
... and do the same for pread.
=====
http://
drm/i915: Skip pread/pwrite if size to copy is 0.
CVE-2010-2962
=====
http://
drm/i915: Sanity check pread/pwrite
CVE-2010-2962
Move the access control up from the fast paths which are no longer
universally taken first up into the caller. This then duplicates some
sanity checking along the slow paths, but is much simpler.