d/freebsd-dev
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
3f01401236
freebsd-dev/sys/dev/vt
History
Gordon Tetlow 9f6fffc731 Limit glyph count in vtfont_load to avoid integer overflow. 
Invalid font data passed to PIO_VFONT can result in an integer overflow
in glyphsize.  Characters may then be drawn on the console using glyph
map entries that point beyond the end of allocated glyph memory,
resulting in a kernel memory disclosure.

Submitted by:	emaste
Reported by:	Dr. Silvio Cesare of InfoSect
Security:	CVE-2018-6917
Security:	FreeBSD-SA-18:04.vt
Sponsored by:	The FreeBSD Foundation
2018-04-04 05:21:46 +00:00
..
colors Fix GCC build broken by r32744 2017-12-31 23:40:06 +00:00
font sys/dev: further adoption of SPDX licensing ID tags. 2017-11-27 14:52:40 +00:00
hw vt_vga: check if VGA is available from ACPI FADT table 2018-03-13 09:38:53 +00:00
logo sys/dev: further adoption of SPDX licensing ID tags. 2017-11-27 14:52:40 +00:00
vt_buf.c Implement "vidcontrol -h <history_size>" for vt(4) 2017-12-05 22:19:59 +00:00
vt_consolectl.c sys/dev: further adoption of SPDX licensing ID tags. 2017-11-27 14:52:40 +00:00
vt_core.c Avoid grabbing locks when grabbing the vt(4) console for DDB. 2018-02-22 02:26:29 +00:00
vt_cpulogos.c Revert r316796. It is not necessary since r317173. 2017-04-19 22:43:11 +00:00
vt_font.c Limit glyph count in vtfont_load to avoid integer overflow. 2018-04-04 05:21:46 +00:00
vt_sysmouse.c sys/dev: further adoption of SPDX licensing ID tags. 2017-11-27 14:52:40 +00:00
vt.h Implement "vidcontrol -h <history_size>" for vt(4) 2017-12-05 22:19:59 +00:00