Xi Wang ed8cd3b2cd drm/i915: fix integer overflow in i915_gem_execbuffer2() ... On 32-bit systems, a large args->buffer_count from userspace via ioctl may overflow the allocation size, leading to out-of-bounds access. This vulnerability was introduced in commit 8408c282 ("drm/i915: First try a normal large kmalloc for the temporary exec buffers"). Signed-off-by: Xi Wang <xi.wang@gmail.com> Reviewed-by: Chris Wilson <chris@chris-wilson.co.uk> Cc: stable@vger.kernel.org Signed-off-by: Daniel Vetter <daniel.vetter@ffwll.ch>		2012-04-23 22:32:02 +02:00
..
accessibility
acpi	Revert "ACPI: ignore FADT reset-reg-sup flag"	2012-04-20 11:19:35 -07:00
amba
ata
atm
auxdisplay
base
bcma
block	Fixes in various components:	2012-04-20 11:31:00 -07:00
bluetooth
cdrom
char
clk
clocksource
connector
cpufreq
cpuidle
crypto
dca
devfreq
dio
dma
edac
eisa
firewire
firmware
gpio
gpu	drm/i915: fix integer overflow in i915_gem_execbuffer2()	2012-04-23 22:32:02 +02:00
hid
hsi
hv
hwmon
hwspinlock
i2c
ide
idle
ieee802154
infiniband
input
iommu
isdn
leds
lguest
macintosh
mca
md
media	Merge branch 'v4l_for_linus' of git://git.kernel.org/pub/scm/linux/kernel/git/mchehab/linux-media	2012-04-21 12:43:23 -07:00
memstick
message
mfd
misc
mmc	mmc: core: Do not pre-claim host in suspend	2012-04-20 21:52:13 -04:00
mtd
net
nfc
nubus
of
oprofile
parisc
parport
pci
pcmcia
pinctrl
platform
pnp
power
pps
ps3
ptp
rapidio
regulator
remoteproc
rpmsg
rtc
s390
sbus
scsi
sfi
sh
sn
spi
ssb
staging
target
tc
thermal
tty
uio
usb	ARM: SoC fixes for 3.4-rc	2012-04-21 12:45:52 -07:00
uwb
vhost
video
virt
virtio
vlynq
w1
watchdog
xen
zorro
Kconfig
Makefile