APPLIED: [SRU Mantic 0/1] CVE-2023-5633
Stefan Bader
stefan.bader at canonical.com
Mon Oct 30 09:28:14 UTC 2023
On 30.10.23 09:44, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> vmwgfx driver can be exploited by users with access to drm devices to drop
> a refcount earlier, leading to a use-after-free, which may allow for local
> privilege escalation.
>
> [Backport]
> On 6.5, this is a clean cherry-pick. Though this affects 6.2 and 6.1, the
> backports for those will be submitted at a later opportunity.
>
> [Potential regression]
> Graphics users on some virtual environments may regress.
>
> Zack Rusin (1):
> drm/vmwgfx: Keep a gem reference to user bos in surfaces
>
> drivers/gpu/drm/vmwgfx/vmwgfx_bo.c | 7 +++---
> drivers/gpu/drm/vmwgfx/vmwgfx_bo.h | 17 +++++++++----
> drivers/gpu/drm/vmwgfx/vmwgfx_cotable.c | 6 ++---
> drivers/gpu/drm/vmwgfx/vmwgfx_drv.h | 4 +++
> drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c | 10 +++++---
> drivers/gpu/drm/vmwgfx/vmwgfx_gem.c | 18 +++++++++++---
> drivers/gpu/drm/vmwgfx/vmwgfx_kms.c | 6 ++---
> drivers/gpu/drm/vmwgfx/vmwgfx_overlay.c | 2 +-
> drivers/gpu/drm/vmwgfx/vmwgfx_resource.c | 12 ++++-----
> drivers/gpu/drm/vmwgfx/vmwgfx_shader.c | 4 +--
> drivers/gpu/drm/vmwgfx/vmwgfx_surface.c | 31 +++++++++---------------
> 11 files changed, 68 insertions(+), 49 deletions(-)
>
Applied to mantic:linux/master-next. Thanks.
-Stefan
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0xE8675DEECBEECEA3.asc
Type: application/pgp-keys
Size: 44613 bytes
Desc: OpenPGP public key
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20231030/3654ee6b/attachment-0001.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/kernel-team/attachments/20231030/3654ee6b/attachment-0001.sig>
More information about the kernel-team
mailing list