This is CVE-2020-7053

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-7053

--
https://bugs.launchpad.net/bugs/1859522

Title:
  use-after-free in i915_ppgtt_close

Status in linux package in Ubuntu:
  Fix Released
Status in linux source package in Bionic:
  In Progress
Status in linux source package in Disco:
  In Progress

Bug description:
  [Impact]

  Quan Luo and ycq from Codesafe Team of Legendsec at Qi'anxin Group
  reported a use-after-free issue in the i915 driver. This issue has been
  fixed in the upstream kernel starting in v5.2 with the following commit:

  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7dc40713618c884bf07c030d1ab1f47a9dc1f310

  The flaw was introduced in v4.14 with this change:

  https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1acfc104cdf8a3408f0e83b4115d4419c6315005

  The problem can be fixed by expanding the usage of struct_mutex to
  include the GEM context lookup. A fix has been submitted to the upstream
  stable list:

  https://lore.kernel.org/stable/20200114183937.12224-1-tyhi...@canonical.com/T/#u

  [Test Case]

  Enable KASAN and exercise the affected code path using the PoC provided
  by Quan Luo.

  [Regression Potential]

  Low. This approach was suggested by upstream and has been well tested.
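
An added example, not part of the original bug report or of any Ubuntu kernel tooling: one way to evaluate the [Test Case] outcome from a shell, by confirming KASAN is built in and counting use-after-free reports in i915_ppgtt_close in the kernel log. The helper names and the sample log lines (timestamps, offsets, the second report) are constructed; only the "BUG: KASAN: <type> in <symbol>+0x..." header layout is the standard KASAN report format.

```shell
#!/bin/sh
# Added example: helper names and sample data are constructed, not from the bug report.

# Succeeds if the kernel config read on stdin has KASAN built in.
kasan_enabled() {
    grep -q '^CONFIG_KASAN=y$'
}

# Reads a kernel log on stdin; prints "<bug-type> <function>" per KASAN report header.
kasan_reports() {
    sed -n 's/^.*BUG: KASAN: \([a-z-]*\) in \([A-Za-z0-9_.]*\)+0x.*$/\1 \2/p'
}

# Counts use-after-free reports whose faulting function is $1.
# Accepts both "use-after-free" and the newer "slab-use-after-free" type string.
uaf_hits() {
    kasan_reports | awk -v fn="$1" \
        '$1 ~ /use-after-free$/ && $2 == fn { n++ } END { print n + 0 }'
}

# Constructed log excerpt standing in for an unpatched kernel with KASAN enabled.
# Timestamps and symbol offsets are made up; the second report is unrelated noise.
sample_log_unpatched() {
    cat <<'EOF'
[  210.118201] constructed: unrelated kernel message
[  211.530114] ==================================================================
[  211.530160] BUG: KASAN: use-after-free in i915_ppgtt_close+0x10/0x20 [i915]
[  305.000412] BUG: KASAN: slab-out-of-bounds in example_other_fn+0x8/0x40
EOF
}

# On a test machine the same helpers would be fed real data, for instance:
#   kasan_enabled < "/boot/config-$(uname -r)" && dmesg | uaf_hits i915_ppgtt_close
# A fixed kernel should report 0 after the affected code path has been exercised.
sample_log_unpatched | uaf_hits i915_ppgtt_close
```

A non-zero count on a kernel that carries the fix means the backport did not cover the path that was exercised.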