ACK: [SRU][Focal][PATCH 0/2] Fix for CVE-2020-27820
stefan.bader at canonical.com
Thu Mar 24 08:23:56 UTC 2022
On 23.03.22 18:23, Bartlomiej Zolnierkiewicz wrote:
> A vulnerability was found in Linux kernel, where a use-after-frees in
> nouveau’s postclose() handler could happen if removing device (that is
> not common to remove video card physically without power-off, but same
> happens if “unbind” the driver). A privileged or physically proximate
> attacker could use this to cause a denial of service (system crash).
> f55aaf63bde0 ("drm/nouveau: clean up all clients on device removal")
> abae9164a421 ("drm/nouveau: Add a dedicated mutex for the clients list")
> Patch #1 required backporting due to different context in
> Patch #2 cherry picked cleanly.
> Both patches build just fine.
> Please also note that Focal already has a backport of:
> aff2299e0d81 ("drm/nouveau: use drm_dev_unplug() during device removal")
> (commit 64c189f2be00) which is also required for fixing the CVE-2020-27820.
> [Potential regression]
> The changes are limited to drm nouveau driver and are already present in
> Impish and Jammy kernels.
> Jeremy Cline (2):
> drm/nouveau: Add a dedicated mutex for the clients list
> drm/nouveau: clean up all clients on device removal
> drivers/gpu/drm/nouveau/nouveau_drm.c | 40 ++++++++++++++++++++++++---
> drivers/gpu/drm/nouveau/nouveau_drv.h | 5 ++++
> 2 files changed, 41 insertions(+), 4 deletions(-)
Acked-by: Stefan Bader <stefan.bader at canonical.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: OpenPGP digital signature
More information about the kernel-team