Description: integer overflow in cpia2_remap_buffer in drivers/media/usb/cpia2/cpia2_core.c
References:
 https://deshal3v.github.io/blog/kernel-research/mmap_exploitation
 https://lore.kernel.org/lkml/20200108161619.7999-1-tiwai@suse.de/
 https://lore.kernel.org/lkml/20191111114615.GA418224@kroah.com/
Notes:
 bwh> Introduced in 2.6.17 by commit ab33d5071de7 "V4L/DVB (3376): Add cpia2
 bwh> camera support".  The general issue has already beedn fixed by commit
 bwh> be83bbf80682 "mmap: introduce sane default mmap limits" which went into
 bwh> 4.17 and was backported to all live stable branches.
Bugs:
upstream: released (4.17-rc5) [be83bbf806822b1b89e0a0f23cd87cddc409e429]
4.19-upstream-stable: N/A "Fixed before branch point"
4.9-upstream-stable: released (4.9.108) [7a40374c34e8c25062b0d7e2d2152ff8b7af1274]
3.16-upstream-stable: released (3.16.60) [72d8a061cbfbee3a357d38ef80688df9e878de43]
sid: released (4.16.16-1)
4.19-buster-security: N/A "Fixed before branch point"
4.9-stretch-security: released (4.9.110-1)
3.16-jessie-security: released (3.16.64-1)