ACK: [PATCH 0/2][SRU][D] i915 info leak and use-after-free
Connor Kuehl
connor.kuehl at canonical.com
Tue Jan 14 21:00:15 UTC 2020
On 1/14/20 12:47 PM, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14615.html
>
> Insufficient control flow in certain data structures for some Intel(R)
> Processors with Intel Processor Graphics may allow an unauthenticated
> user to potentially enable information disclosure via local access.
>
> https://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7053.html
>
> A race condition can lead to a use-after-free in the i915 driver while
> destroying GEM contexts. A local attacker could use this flaw to
> perform a denial of service (system crash) or possibly execute code.
>
> Tested on a Gen9 system to ensure that the info leak fix does not
> exhibit unexpected behavior. The use-after-free fix was verified using a
> PoC with a kernel test build with KASAN enabled.
>
> Tyler
>
> Akeem G Abodunrin (1):
>   drm/i915/gen9: Clear residual context state on context switch
>
> Tyler Hicks (1):
>   UBUNTU: SAUCE: drm/i915: Fix use-after-free when destroying GEM
>     context
>
> drivers/gpu/drm/i915/i915_gem_context.c | 13 +++++++------
> drivers/gpu/drm/i915/intel_lrc.c | 9 +++++++++
> 2 files changed, 16 insertions(+), 6 deletions(-)
>
+ Sauce patch looks like a correct change for handling the lock.
Acked-by: Connor Kuehl <connor.kuehl at canonical.com>