[SRU Mantic 0/1] CVE-2023-5633
Thadeu Lima de Souza Cascardo
cascardo at canonical.com
Mon Oct 30 08:44:41 UTC 2023
[Impact]
vmwgfx driver can be exploited by users with access to drm devices to drop
a refcount earlier, leading to a use-after-free, which may allow for local
privilege escalation.
[Backport]
On 6.5, this is a clean cherry-pick. Though this affects 6.2 and 6.1, the
backports for those will be submitted at a later opportunity.
[Potential regression]
Graphics users on some virtual environments may regress.
Zack Rusin (1):
drm/vmwgfx: Keep a gem reference to user bos in surfaces
drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 7 +++---
drivers/gpu/drm/vmwgfx/vmwgfx_bo.h | 17 +++++++++----
drivers/gpu/drm/vmwgfx/vmwgfx_cotable.c | 6 ++---
drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 4 +++
drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 10 +++++---
drivers/gpu/drm/vmwgfx/vmwgfx_gem.c | 18 +++++++++++---
drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 6 ++---
drivers/gpu/drm/vmwgfx/vmwgfx_overlay.c | 2 +-
drivers/gpu/drm/vmwgfx/vmwgfx_resource.c | 12 ++++-----
drivers/gpu/drm/vmwgfx/vmwgfx_shader.c | 4 +--
drivers/gpu/drm/vmwgfx/vmwgfx_surface.c | 31 +++++++++---------------
11 files changed, 68 insertions(+), 49 deletions(-)
--
2.34.1
More information about the kernel-team
mailing list