[PATCH 0/2][SRU][B] i915 info leak and use-after-free
Tyler Hicks
tyhicks at canonical.com
Tue Jan 14 20:47:49 UTC 2020
https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14615.html

 Insufficient control flow in certain data structures for some Intel(R)
 Processors with Intel Processor Graphics may allow an unauthenticated
 user to potentially enable information disclosure via local access.

https://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7053.html

 A race condition can lead to a use-after-free in the i915 driver while
 destroying GEM contexts. A local attacker could use this flaw to
 perform a denial of service (system crash) or possibly execute code.

Tested on a Gen9 system to ensure that the info leak fix does not
exhibit unexpected behavior. The use-after-free fix was verified using a
PoC with a kernel test build with KASAN enabled.

Tyler

Akeem G Abodunrin (1):
  drm/i915/gen9: Clear residual context state on context switch

Tyler Hicks (1):
  UBUNTU: SAUCE: drm/i915: Fix use-after-free when destroying GEM
    context

 drivers/gpu/drm/i915/i915_gem_context.c | 13 +++++++------
 drivers/gpu/drm/i915/intel_lrc.c        | 19 ++++++++-----------
 2 files changed, 15 insertions(+), 17 deletions(-)

--
2.17.1