Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2018-8781: drm: udl: Properly check framebuffer mmap offsets

The udl_fb_mmap function in drivers/gpu/drm/udl/udl_fb.c at the Linux kernel version 3.4 and up to and including 4.15 has an integer-overflow vulnerability allowing local users with access to the udldrmfb driver to obtain full read and write permissions on kernel physical pages, resulting in a code execution in kernel space.

CVE
Open in Source
#vulnerability#linux#perl

@@ -159,10 +159,15 @@ static int udl_fb_mmap(struct fb_info *info, struct vm_area_struct *vma) { unsigned long start = vma->vm_start; unsigned long size = vma->vm_end - vma->vm_start; - unsigned long offset = vma->vm_pgoff << PAGE_SHIFT;

  • unsigned long offset; unsigned long page, pos;

- if (offset + size > info->fix.smem_len)

  • if (vma->vm_pgoff > (~0UL >> PAGE_SHIFT))

  •   return -EINVAL;

  • offset = vma->vm_pgoff << PAGE_SHIFT;

  • if (offset > info->fix.smem_len || size > info->fix.smem_len - offset) return -EINVAL;

    pos = (unsigned long)info->fix.smem_start + offset;

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE
CVE-2023-6905
CVE
CVE-2023-6903
CVE
CVE-2023-6904
CVE
CVE-2023-3907
CVE