OSV-2020-546 Heap-buffer-overflow in ih264d_decode_slice_thread

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=18960 Crash type: Heap-buffer-overflow READ 8 Crash state: ih264ddecodeslicethread ih264ddecodepicturethread startthread...

CVE-2016-5828

The startthread function in arch/powerpc/kernel/process.c in the Linux kernel through 4.6.3 on powerpc platforms mishandles transactional state, which allows local users to cause a denial of service invalid process state or TM Bad Thing exception, and system crash or possibly have unspecified oth...