Alan Cox found issues in the R128 Direct render infrastructure which
could allow local privilege escalation.
Alan posted a fix to the dri-devel sourceforge list on Jan14th
Created attachment 97633 [details]
posted by Alan Cox on 1/14/2004
Created attachment 98015 [details]
The original patch did not check for a negative count. Arbitrary hardcoded
limits which are not part of the API (e.g. in a header file) are dubious
practice. Patch is modified to test for negative values and mulitiplication
overflow, no other limits appear necessary.
Created attachment 98112 [details]
fix missing check in 4th routine
Eagle-eyed Ernie Petrides on the rh-kernel noted only 3 of 4 equivalent
routines had the parameter validation check applied. This new patch revision
adds the omitted check on the 4th routine.
Just to confirm, this was committed to the RHEL3 U2 patch pool
in kernel version 2.4.21-9.15.EL.
An errata has been issued which should help the problem described in this bug report.
This report is therefore being closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, please follow the link below. You may reopen
this bug report if the solution does not work for you.