blob: 150095f5d88d91371cc63a9bbd8f9faff1787614 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
|
Description: drm/vmwgfx: Fix stale file descriptors on failed usercopy
References:
https://www.openwall.com/lists/oss-security/2022/01/27/4
https://www.openwall.com/lists/oss-security/2022/02/03/1
https://github.com/opensrcsec/same_type_object_reuse_exploits/blob/main/cve-2022-22942-dc.c
https://github.com/opensrcsec/same_type_object_reuse_exploits/blob/main/cve-2022-22942.c
Notes:
carnil> Commit fixes c906965dee22 ("drm/vmwgfx: Add export fence to
carnil> file descriptor support") in 4.14-rc1.
carnil> Fixed in 5.16.4 for 5.16.y and 5.15.18 for 5.15.y.
Bugs:
upstream: released (5.17-rc2) [a0f90c8815706981c483a652a6aefca51a5e191c]
5.10-upstream-stable: released (5.10.95) [ae2b20f27732fe92055d9e7b350abc5cdf3e2414]
4.19-upstream-stable: released (4.19.227) [0008a0c78fc33a84e2212a7c04e6b21a36ca6f4d]
4.9-upstream-stable: N/A "Vulnerable code not present"
sid: released (5.15.15-2) [bugfix/all/drm-vmwgfx-Fix-stale-file-descriptors-on-failed-user.patch]
5.10-bullseye-security: released (5.10.92-2) [bugfix/x86/drm-vmwgfx-Fix-stale-file-descriptors-on-failed-user.patch]
4.19-buster-security: released (4.19.232-1)
4.9-stretch-security: N/A "Vulnerable code not present"
|
