cve/published/2023/CVE-2023-52913.mbox - pub/scm/linux/security/vulns - Git at Google

 From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
 From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
 To: <linux-cve-announce@vger.kernel.org>
 Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
 Subject: CVE-2023-52913: drm/i915: Fix potential context UAFs

 Description
 ===========

 In the Linux kernel, the following vulnerability has been resolved:

 drm/i915: Fix potential context UAFs

 gem_context_register() makes the context visible to userspace, and which
 point a separate thread can trigger the I915_GEM_CONTEXT_DESTROY ioctl.
 So we need to ensure that nothing uses the ctx ptr after this.  And we
 need to ensure that adding the ctx to the xarray is the *last* thing
 that gem_context_register() does with the ctx pointer.

 [tursulin: Stable and fixes tags add/tidy.]
 (cherry picked from commit bed4b455cf5374e68879be56971c1da563bcd90c)

 The Linux kernel CVE team has assigned CVE-2023-52913 to this issue.


 Affected and fixed versions
 ===========================

 	Issue introduced in 5.10 with commit eb4dedae920a07c485328af3da2202ec5184fb17 and fixed in 5.15.171 with commit ae278887193110dfeb857ea63e243a3851fbb0bc
 	Issue introduced in 5.10 with commit eb4dedae920a07c485328af3da2202ec5184fb17 and fixed in 6.1.7 with commit b696c627b3f56e173f7f70b8487d66da8ff22506
 	Issue introduced in 5.10 with commit eb4dedae920a07c485328af3da2202ec5184fb17 and fixed in 6.2 with commit afce71ff6daa9c0f852df0727fe32c6fb107f0fa

 Please see https://www.kernel.org for a full list of currently supported
 kernel versions by the kernel community.

 Unaffected versions might change over time as fixes are backported to
 older supported kernel versions.  The official CVE entry at
 	https://cve.org/CVERecord/?id=CVE-2023-52913
 will be updated if fixes are backported, please check that for the most
 up to date information about this issue.


 Affected files
 ==============

 The file(s) affected by this issue are:
 	drivers/gpu/drm/i915/gem/i915_gem_context.c


 Mitigation
 ==========

 The Linux kernel CVE team recommends that you update to the latest
 stable kernel version for this, and many other bugfixes.  Individual
 changes are never tested alone, but rather are part of a larger kernel
 release.  Cherry-picking individual commits is not recommended or
 supported by the Linux kernel community at all.  If however, updating to
 the latest release is impossible, the individual changes to resolve this
 issue can be found at these commits:
 	https://git.kernel.org/stable/c/ae278887193110dfeb857ea63e243a3851fbb0bc
 	https://git.kernel.org/stable/c/b696c627b3f56e173f7f70b8487d66da8ff22506
 	https://git.kernel.org/stable/c/afce71ff6daa9c0f852df0727fe32c6fb107f0fa
	From bippy-5f407fcff5a0 Mon Sep 17 00:00:00 2001
	From: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	To: <linux-cve-announce@vger.kernel.org>
	Reply-to: <cve@kernel.org>, <linux-kernel@vger.kernel.org>
	Subject: CVE-2023-52913: drm/i915: Fix potential context UAFs

	Description
	===========

	In the Linux kernel, the following vulnerability has been resolved:

	drm/i915: Fix potential context UAFs

	gem_context_register() makes the context visible to userspace, and which
	point a separate thread can trigger the I915_GEM_CONTEXT_DESTROY ioctl.
	So we need to ensure that nothing uses the ctx ptr after this. And we
	need to ensure that adding the ctx to the xarray is the last thing
	that gem_context_register() does with the ctx pointer.

	[tursulin: Stable and fixes tags add/tidy.]
	(cherry picked from commit bed4b455cf5374e68879be56971c1da563bcd90c)

	The Linux kernel CVE team has assigned CVE-2023-52913 to this issue.


	Affected and fixed versions
	===========================

	Issue introduced in 5.10 with commit eb4dedae920a07c485328af3da2202ec5184fb17 and fixed in 5.15.171 with commit ae278887193110dfeb857ea63e243a3851fbb0bc
	Issue introduced in 5.10 with commit eb4dedae920a07c485328af3da2202ec5184fb17 and fixed in 6.1.7 with commit b696c627b3f56e173f7f70b8487d66da8ff22506
	Issue introduced in 5.10 with commit eb4dedae920a07c485328af3da2202ec5184fb17 and fixed in 6.2 with commit afce71ff6daa9c0f852df0727fe32c6fb107f0fa

	Please see https://www.kernel.org for a full list of currently supported
	kernel versions by the kernel community.

	Unaffected versions might change over time as fixes are backported to
	older supported kernel versions. The official CVE entry at
	https://cve.org/CVERecord/?id=CVE-2023-52913
	will be updated if fixes are backported, please check that for the most
	up to date information about this issue.


	Affected files
	==============

	The file(s) affected by this issue are:
	drivers/gpu/drm/i915/gem/i915_gem_context.c


	Mitigation
	==========

	The Linux kernel CVE team recommends that you update to the latest
	stable kernel version for this, and many other bugfixes. Individual
	changes are never tested alone, but rather are part of a larger kernel
	release. Cherry-picking individual commits is not recommended or
	supported by the Linux kernel community at all. If however, updating to
	the latest release is impossible, the individual changes to resolve this
	issue can be found at these commits:
	https://git.kernel.org/stable/c/ae278887193110dfeb857ea63e243a3851fbb0bc
	https://git.kernel.org/stable/c/b696c627b3f56e173f7f70b8487d66da8ff22506
	https://git.kernel.org/stable/c/afce71ff6daa9c0f852df0727fe32c6fb107f0fa