ACK: [SRU][Focal][PATCH 0/2] Fix for CVE-2020-27820
Stefan Bader
stefan.bader at canonical.com
Thu Mar 24 08:23:56 UTC 2022
On 23.03.22 18:23, Bartlomiej Zolnierkiewicz wrote:
> [Impact]
> A vulnerability was found in Linux kernel, where a use-after-frees in
> nouveau’s postclose() handler could happen if removing device (that is
> not common to remove video card physically without power-off, but same
> happens if “unbind” the driver). A privileged or physically proximate
> attacker could use this to cause a denial of service (system crash).
>
> [Fix]
> f55aaf63bde0 ("drm/nouveau: clean up all clients on device removal")
> abae9164a421 ("drm/nouveau: Add a dedicated mutex for the clients list")
>
> Patch #1 required backporting due to different context in
> nouveau_drm_device_fini().
>
> Patch #2 cherry picked cleanly.
>
> Both patches build just fine.
>
> Please also note that Focal already has a backport of:
> aff2299e0d81 ("drm/nouveau: use drm_dev_unplug() during device removal")
> (commit 64c189f2be00) which is also required for fixing the CVE-2020-27820.
>
> [Potential regression]
> The changes are limited to drm nouveau driver and are already present in
> Impish and Jammy kernels.
>
>
> Jeremy Cline (2):
> drm/nouveau: Add a dedicated mutex for the clients list
> drm/nouveau: clean up all clients on device removal
>
> drivers/gpu/drm/nouveau/nouveau_drm.c | 40 ++++++++++++++++++++++++---
> drivers/gpu/drm/nouveau/nouveau_drv.h | 5 ++++
> 2 files changed, 41 insertions(+), 4 deletions(-)
>
Acked-by: Stefan Bader <stefan.bader at canonical.com>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20220324/bea912c1/attachment.sig>
More information about the kernel-team
mailing list