ACK: [SRU Mantic 0/1] CVE-2023-5633
Roxana Nicolescu
roxana.nicolescu at canonical.com
Mon Oct 30 08:57:35 UTC 2023
On 30/10/2023 09:44, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> vmwgfx driver can be exploited by users with access to drm devices to drop
> a refcount earlier, leading to a use-after-free, which may allow for local
> privilege escalation.
>
> [Backport]
> On 6.5, this is a clean cherry-pick. Though this affects 6.2 and 6.1, the
> backports for those will be submitted at a later opportunity.
>
> [Potential regression]
> Graphics users on some virtual environments may regress.
>
> Zack Rusin (1):
> drm/vmwgfx: Keep a gem reference to user bos in surfaces
>
> drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 7 +++---
> drivers/gpu/drm/vmwgfx/vmwgfx_bo.h | 17 +++++++++----
> drivers/gpu/drm/vmwgfx/vmwgfx_cotable.c | 6 ++---
> drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 4 +++
> drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 10 +++++---
> drivers/gpu/drm/vmwgfx/vmwgfx_gem.c | 18 +++++++++++---
> drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 6 ++---
> drivers/gpu/drm/vmwgfx/vmwgfx_overlay.c | 2 +-
> drivers/gpu/drm/vmwgfx/vmwgfx_resource.c | 12 ++++-----
> drivers/gpu/drm/vmwgfx/vmwgfx_shader.c | 4 +--
> drivers/gpu/drm/vmwgfx/vmwgfx_surface.c | 31 +++++++++---------------
> 11 files changed, 68 insertions(+), 49 deletions(-)
>
Acked-by: Roxana Nicolescu <roxana.nicolescu at canonical.com>
More information about the kernel-team
mailing list