CVE-2022-50390

*** Pendiente de traducción *** In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/ttm: fix undefined behavior in bit shift for TTM_TT_FLAG_PRIV_POPULATED<br /> <br /> Shifting signed 32-bit value by 31 bits is undefined, so changing<br /> significant bit to unsigned. The UBSAN warning calltrace like below:<br /> <br /> UBSAN: shift-out-of-bounds in ./include/drm/ttm/ttm_tt.h:122:26<br /> left shift of 1 by 31 places cannot be represented in type &amp;#39;int&amp;#39;<br /> Call Trace:<br /> <br /> dump_stack_lvl+0x7d/0xa5<br /> dump_stack+0x15/0x1b<br /> ubsan_epilogue+0xe/0x4e<br /> __ubsan_handle_shift_out_of_bounds+0x1e7/0x20c<br /> ttm_bo_move_memcpy+0x3b4/0x460 [ttm]<br /> bo_driver_move+0x32/0x40 [drm_vram_helper]<br /> ttm_bo_handle_move_mem+0x118/0x200 [ttm]<br /> ttm_bo_validate+0xfa/0x220 [ttm]<br /> drm_gem_vram_pin_locked+0x70/0x1b0 [drm_vram_helper]<br /> drm_gem_vram_pin+0x48/0xb0 [drm_vram_helper]<br /> drm_gem_vram_plane_helper_prepare_fb+0x53/0xe0 [drm_vram_helper]<br /> drm_gem_vram_simple_display_pipe_prepare_fb+0x26/0x30 [drm_vram_helper]<br /> drm_simple_kms_plane_prepare_fb+0x4d/0xe0 [drm_kms_helper]<br /> drm_atomic_helper_prepare_planes+0xda/0x210 [drm_kms_helper]<br /> drm_atomic_helper_commit+0xc3/0x1e0 [drm_kms_helper]<br /> drm_atomic_commit+0x9c/0x160 [drm]<br /> drm_client_modeset_commit_atomic+0x33a/0x380 [drm]<br /> drm_client_modeset_commit_locked+0x77/0x220 [drm]<br /> drm_client_modeset_commit+0x31/0x60 [drm]<br /> __drm_fb_helper_restore_fbdev_mode_unlocked+0xa7/0x170 [drm_kms_helper]<br /> drm_fb_helper_set_par+0x51/0x90 [drm_kms_helper]<br /> fbcon_init+0x316/0x790<br /> visual_init+0x113/0x1d0<br /> do_bind_con_driver+0x2a3/0x5c0<br /> do_take_over_console+0xa9/0x270<br /> do_fbcon_takeover+0xa1/0x170<br /> do_fb_registered+0x2a8/0x340<br /> fbcon_fb_registered+0x47/0xe0<br /> register_framebuffer+0x294/0x4a0<br /> __drm_fb_helper_initial_config_and_unlock+0x43c/0x880 [drm_kms_helper]<br /> drm_fb_helper_initial_config+0x52/0x80 [drm_kms_helper]<br /> drm_fbdev_client_hotplug+0x156/0x1b0 [drm_kms_helper]<br /> drm_fbdev_generic_setup+0xfc/0x290 [drm_kms_helper]<br /> bochs_pci_probe+0x6ca/0x772 [bochs]<br /> local_pci_probe+0x4d/0xb0<br /> pci_device_probe+0x119/0x320<br /> really_probe+0x181/0x550<br /> __driver_probe_device+0xc6/0x220<br /> driver_probe_device+0x32/0x100<br /> __driver_attach+0x195/0x200<br /> bus_for_each_dev+0xbb/0x120<br /> driver_attach+0x27/0x30<br /> bus_add_driver+0x22e/0x2f0<br /> driver_register+0xa9/0x190<br /> __pci_register_driver+0x90/0xa0<br /> bochs_pci_driver_init+0x52/0x1000 [bochs]<br /> do_one_initcall+0x76/0x430<br /> do_init_module+0x61/0x28a<br /> load_module+0x1f82/0x2e50<br /> __do_sys_finit_module+0xf8/0x190<br /> __x64_sys_finit_module+0x23/0x30<br /> do_syscall_64+0x58/0x80<br /> entry_SYSCALL_64_after_hwframe+0x63/0xcd<br />