blob: 52cf845a27d6fc88e897f03a3ce8cd7503f4dbc9 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
|
Description: KASAN: slab-use-after-free in iopt_unmap_iova_range
References:
https://groups.google.com/g/syzkaller/c/G6P9yecsTZ8/m/iiqFVOM9BwAJ
https://lore.kernel.org/linux-iommu/ZDabT%2FuRl%2FjxFhm0%40ip-172-31-85-199.ec2.internal/T/
Notes:
bwh> The use-after-free is the unlocked read of area->num_accesses,
bwh> introduced in 6.2 by commit 8d40205f6093 "iommufd: Add kAPI
bwh> toward external drivers for kernel access".
carnil> Fixed as well in 6.4.4 for 6.4.y.
Bugs:
upstream: released (6.5-rc1) [dbe245cdf5189e88d680379ed13901356628b650, 804ca14d04df09bf7924bacc5ad22a4bed80c94f]
6.1-upstream-stable: N/A "Vulnerable code not present"
5.10-upstream-stable: N/A "Vulnerable code not present"
4.19-upstream-stable: N/A "Vulnerable code not present"
sid: released (6.4.4-1)
6.1-bookworm-security: N/A "Vulnerable code not present"
5.10-bullseye-security: N/A "Vulnerable code not present"
4.19-buster-security: N/A "Vulnerable code not present"
|