kernel: drm: integer overflow in drm_mode_dirtyfb_ioctl()

Integer overflow in the drmmodedirtyfbioctl function in drivers/gpu/drm/drmcrtc.c in the Direct Rendering Manager DRM subsystem in the Linux kernel before 3.1.5 allows local users to gain privileges or cause a denial of service memory corruption via a crafted ioctl call...