Specially crafted requests may be written to /dev/sequencer
resulting in an underflow when calculating a size for a
copy_from_user() operation in the driver for MIDI interfaces. On
x86, this just returns an error, but it may cause memory corruption
on other architectures. Other malformed requests may result in
the use of uninitialized variables.
The fix for this has hit lucid and later via mainline and stable.
Following this email is a patch for hardy and maverick/ti-omap4, this is
a simple cherry-pick from the mainline fix.
It should be noted that we do not have OSS enabled in later releases but
people do use our source to make their own kernels so I am proposing we
apply it to the one missed release. It is arguable we should not bother
applying this maverick/ti-omap4.
Proposing for hardy and maverick/ti-omap4.
Tim Gardner email@example.com
kernel-team mailing list