ACK: [PATCH 0/2][SRU][B] i915 info leak and use-after-free
Khaled Elmously
khalid.elmously at canonical.com
Tue Jan 14 12:37:23 UTC 2020
On 2020-01-14 20:47:49 , Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14615.html
>
> Insufficient control flow in certain data structures for some Intel(R)
> Processors with Intel Processor Graphics may allow an unauthenticated
> user to potentially enable information disclosure via local access
>
> https://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7053.html
>
> A race condition can lead to a use-after-free in the i915 driver while
> destroying GEM contexts. A local attacker could use this flaw to
> perform a denial of service (system crash) or possibly execute code.
>
> Tested on a Gen9 system to ensure that the info leak fix does not
> exhibit unexpected behavior. The use-after-free fix was verified using a
> PoC with a kernel test build with KASAN enabled.
>
> Tyler
>
> Akeem G Abodunrin (1):
> drm/i915/gen9: Clear residual context state on context switch
>
> Tyler Hicks (1):
> UBUNTU: SAUCE: drm/i915: Fix use-after-free when destroying GEM
> context
>
> drivers/gpu/drm/i915/i915_gem_context.c | 13 +++++++------
> drivers/gpu/drm/i915/intel_lrc.c | 19 ++++++++-----------
> 2 files changed, 15 insertions(+), 17 deletions(-)
>
Acked-by: Khalid Elmously <khalid.elmously at canonical.com>
More information about the kernel-team
mailing list