Quan Luo and ycq from Codesafe Team of Legendsec at Qi'anxin Group reported a use-after-free issue in the i915 driver. This issue has been fixed in the upstream kernel starting in v5.2 with the following commit:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7dc40713618c884bf07c030d1ab1f47a9dc1f310
The flaw was introduced in v4.14 with this change:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1acfc104cdf8a3408f0e83b4115d4419c6315005
The problem can be fixed by expanding the usage of struct_mutex to include the GEM context lookup.
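The locking pattern that the fix describes, as a simplified user-space model added here (not the i915 code or the upstream commit): the handle lookup and the reference acquisition happen under the same lock that destruction takes. All names (`ctx_table`, `ctx_lookup_get`, `ctx_destroy` and so on) are hypothetical, and `struct_mutex` is modelled by a pthread mutex.

```c
#include <pthread.h>
#include <stdlib.h>

#define MAX_CTX 8
struct ctx { int refcount; unsigned id; };
/* Stand-in for the driver's struct_mutex (assumption: one global lock). */
static pthread_mutex_t struct_mutex = PTHREAD_MUTEX_INITIALIZER;
static struct ctx *ctx_table[MAX_CTX];  /* handle -> context */
static int live_objects;                /* allocations not yet freed */

/* Drop one reference; the caller holds struct_mutex. */
static void ctx_put_locked(struct ctx *c) {
    if (--c->refcount == 0) { free(c); live_objects--; }
}
void ctx_put(struct ctx *c) {
    pthread_mutex_lock(&struct_mutex);
    ctx_put_locked(c);
    pthread_mutex_unlock(&struct_mutex);
}
int ctx_create(unsigned id) {
    struct ctx *c = id < MAX_CTX ? calloc(1, sizeof(*c)) : NULL;
    int ret = -1;
    if (!c) return ret;
    c->refcount = 1; c->id = id;        /* reference owned by the table */
    pthread_mutex_lock(&struct_mutex);
    if (!ctx_table[id]) { ctx_table[id] = c; live_objects++; ret = 0; }
    pthread_mutex_unlock(&struct_mutex);
    if (ret) free(c);                   /* handle already in use */
    return ret;
}
/* Remove the handle and drop the table's reference. */
void ctx_destroy(unsigned id) {
    pthread_mutex_lock(&struct_mutex);
    if (id < MAX_CTX && ctx_table[id]) {
        struct ctx *c = ctx_table[id];
        ctx_table[id] = NULL;
        ctx_put_locked(c);
    }
    pthread_mutex_unlock(&struct_mutex);
}
/* Lookup and reference acquisition share one critical section, so a
 * concurrent ctx_destroy() cannot free the object in between. */
struct ctx *ctx_lookup_get(unsigned id) {
    struct ctx *c = NULL;
    pthread_mutex_lock(&struct_mutex);
    if (id < MAX_CTX && (c = ctx_table[id]) != NULL) c->refcount++;
    pthread_mutex_unlock(&struct_mutex);
    return c;
}
int ctx_live_count(void) { return live_objects; }  /* for quiescent checks */
```

A caller that holds the pointer from `ctx_lookup_get()` keeps the object alive after `ctx_destroy()` until it calls `ctx_put()`.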