Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
In the Linux kernel, the following vulnerability has been resolved:fbdev: omapfb: Add 'plane' value checkFunction dispc_ovl_setup is not intended to work with the value OMAP_DSS_WBof the enum parameter plane.The value of this parameter is initialized in dss_init_overlays and in thecurrent state of the code it cannot take this value so it's not a realproblem.For the purposes of defensive coding it wouldn't be superfluous to checkthe parameter value, because some functions down the call stack processthis value correctly and some not.For example, in dispc_ovl_setup_global_alpha it may lead to bufferoverflow.Add check for this value.Found by Linux Verification Center (linuxtesting.org) with SVACE staticanalysis tool.
No PoCs from references.
- https://github.com/w4zu/Debian_security