[PATCH 0/2][SRU][B] i915 info leak and use-after-free

Connor Kuehl connor.kuehl at canonical.com
Tue Jan 14 21:00:27 UTC 2020


On 1/14/20 12:47 PM, Tyler Hicks wrote:
> https://people.canonical.com/~ubuntu-security/cve/2019/CVE-2019-14615.html
> 
>   Insufficient control flow in certain data structures for some Intel(R)
>   Processors with Intel Processor Graphics may allow an unauthenticated
>   user to potentially enable information disclosure via local access
> 
> https://people.canonical.com/~ubuntu-security/cve/2020/CVE-2020-7053.html
> 
>   A race condition can lead to a use-after-free in the i915 driver while
>   destroying GEM contexts. A local attacker could use this flaw to
>   perform a denial of service (system crash) or possibly execute code.
> 
> Tested on a Gen9 system to ensure that the info leak fix does not
> exhibit unexpected behavior. The use-after-free fix was verified using a
> PoC with a kernel test build with KASAN enabled.
> 
> Tyler
> 
> Akeem G Abodunrin (1):
>    drm/i915/gen9: Clear residual context state on context switch
> 
> Tyler Hicks (1):
>    UBUNTU: SAUCE: drm/i915: Fix use-after-free when destroying GEM
>      context
> 
>   drivers/gpu/drm/i915/i915_gem_context.c | 13 +++++++------
>   drivers/gpu/drm/i915/intel_lrc.c        | 19 ++++++++-----------
>   2 files changed, 15 insertions(+), 17 deletions(-)
> 

Acked-by: Connor Kuehl <connor.kuehl at canonical.com>



More information about the kernel-team mailing list