** Information type changed from Private Security to Public Security ** Description changed:
[Impact] Quan Luo and ycq from Codesafe Team of Legendsec at Qi'anxin Group reported a use-after-free issue in the i915 driver. This issue has been fixed in the upstream kernel starting in v5.2 with the following commit: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7dc40713618c884bf07c030d1ab1f47a9dc1f310 The flaw was introduced in v4.14 with this change: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1acfc104cdf8a3408f0e83b4115d4419c6315005 The problem can be fixed by expanding the usage of struct_mutex to - include the GEM context lookup. + include the GEM context lookup. A fix has been submitted to the upstream + stable list: + + https://lore.kernel.org/stable/20200114183937.12224-1-tyhi...@canonical.com/T/#u [Test Case] Enable KASAN and exercise the affected code path using the PoC provided by Quan Luo. [Regression Potential] Low. This approach was suggested by upstream and has been well tested. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1859522 Title: use-after-free in i915_ppgtt_close To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1859522/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
