Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 12 Apr 2022 14:12:02 +0200
From: Greg KH <greg@...ah.com>
To: oss-security@...ts.openwall.com
Subject: Re: Linux kernel: A concurrency use-after-free
 between drm_setmaster_ioctl and drm_mode_getresources

On Tue, Apr 12, 2022 at 07:42:04PM +0800, Minh Yuan wrote:
> Hi guys,
> 
> We recently discovered a concurrency uaf in drm of the latest kernel
> version (Linux 4.19.237).

Note, this issue is not a problem for kernel versions 5.15 and newer,
the relevant commits have not yet been backported to older stable kernel
trees.  I have a list (as does the author of this report) of the needed
commits if anyone wishes to help in backporting (and testing.)

5.10.y and 5.4.y have some of the needed changes (as does 4.19.y), but
not all of them, so I do not know if the reproducer works on those trees
at this point in time.

> int fd1 = open("/dev/dri/card0",0);
> fd = open("/dev/dri/card0",0);

Also note that this issue requires access to these device nodes.

thanks,

greg k-h

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.