ACK: [SRU][Focal][PATCH 0/2] Fix for CVE-2020-27820
Tim Gardner
tim.gardner at canonical.com
Wed Mar 23 17:49:15 UTC 2022
Acked-by: Tim Gardner <tim.gardner at canonical.com>
On 3/23/22 11:23, Bartlomiej Zolnierkiewicz wrote:
> [Impact]
> A vulnerability was found in the Linux kernel, where a use-after-free in
> nouveau’s postclose() handler could happen when removing the device (it is
> not common to remove a video card physically without power-off, but the same
> happens if you “unbind” the driver). A privileged or physically proximate
> attacker could use this to cause a denial of service (system crash).
>
> [Fix]
> f55aaf63bde0 ("drm/nouveau: clean up all clients on device removal")
> abae9164a421 ("drm/nouveau: Add a dedicated mutex for the clients list")
>
> Patch #1 required backporting due to different context in
> nouveau_drm_device_fini().
>
> Patch #2 cherry picked cleanly.
>
> Both patches build just fine.
>
> Please also note that Focal already has a backport of:
> aff2299e0d81 ("drm/nouveau: use drm_dev_unplug() during device removal")
> (commit 64c189f2be00) which is also required for fixing the CVE-2020-27820.
>
> [Potential regression]
> The changes are limited to drm nouveau driver and are already present in
> Impish and Jammy kernels.
>
>
> Jeremy Cline (2):
>   drm/nouveau: Add a dedicated mutex for the clients list
>   drm/nouveau: clean up all clients on device removal
>
>  drivers/gpu/drm/nouveau/nouveau_drm.c | 40 ++++++++++++++++++++++++---
>  drivers/gpu/drm/nouveau/nouveau_drv.h |  5 ++++
>  2 files changed, 41 insertions(+), 4 deletions(-)
>
--
-----------
Tim Gardner
Canonical, Inc