[SRU][Focal][PATCH 0/2] Fix for CVE-2020-27820
Bartlomiej Zolnierkiewicz
bartlomiej.zolnierkiewicz at canonical.com
Wed Mar 23 17:23:11 UTC 2022

[Impact]

A vulnerability was found in the Linux kernel, where a use-after-free in
nouveau’s postclose() handler could happen when the device is removed (it
is not common to physically remove a video card without powering off, but
the same happens on “unbind” of the driver). A privileged or physically
proximate attacker could use this to cause a denial of service (system crash).

[Fix]

f55aaf63bde0 ("drm/nouveau: clean up all clients on device removal")
abae9164a421 ("drm/nouveau: Add a dedicated mutex for the clients list")

Patch #1 required backporting due to different context in
nouveau_drm_device_fini().

Patch #2 cherry picked cleanly.

Both patches build just fine.

Please also note that Focal already has a backport of:

aff2299e0d81 ("drm/nouveau: use drm_dev_unplug() during device removal")

(commit 64c189f2be00) which is also required for fixing CVE-2020-27820.

[Potential regression]

The changes are limited to the drm nouveau driver and are already present in
Impish and Jammy kernels.

Jeremy Cline (2):
drm/nouveau: Add a dedicated mutex for the clients list
drm/nouveau: clean up all clients on device removal
drivers/gpu/drm/nouveau/nouveau_drm.c | 40 ++++++++++++++++++++++++---
drivers/gpu/drm/nouveau/nouveau_drv.h | 5 ++++
2 files changed, 41 insertions(+), 4 deletions(-)
--
2.25.1