kernel: IB/uverbs: Handle large number of entries in poll CQ
Integer overflow in the ibuverbspollcq function in drivers/infiniband/core/uverbscmd.c in the Linux kernel before 2.6.37 allows local users to cause a denial of service memory corruption or possibly have unspecified other impact via a large value of a certain structure member...