| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025050222-CVE-2023-53095-5782@gregkh> Date: Fri, 2 May 2025 17:56:00 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53095: drm/ttm: Fix a NULL pointer dereference From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Fix a NULL pointer dereference The LRU mechanism may look up a resource in the process of being removed from an object. The locking rules here are a bit unclear but it looks currently like res->bo assignment is protected by the LRU lock, whereas bo->resource is protected by the object lock, while *clearing* of bo->resource is also protected by the LRU lock. This means that if we check that bo->resource points to the LRU resource under the LRU lock we should be safe. So perform that check before deciding to swap out a bo. That avoids dereferencing a NULL bo->resource in ttm_bo_swapout(). The Linux kernel CVE team has assigned CVE-2023-53095 to this issue. Affected and fixed versions =========================== Issue introduced in 5.19 with commit 6a9b028994025f5033f10d1da30b29dfdc713384 and fixed in 6.1.21 with commit 9ba1720f6c4a0f13c3f3cb5c28132ee75555d04f Issue introduced in 5.19 with commit 6a9b028994025f5033f10d1da30b29dfdc713384 and fixed in 6.2.8 with commit 9d9b1f9f7a72d83ebf173534e76b246349f32374 Issue introduced in 5.19 with commit 6a9b028994025f5033f10d1da30b29dfdc713384 and fixed in 6.3 with commit 9a9a8fe26751334b7739193a94eba741073b8a55 Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53095 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/gpu/drm/ttm/ttm_device.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/9ba1720f6c4a0f13c3f3cb5c28132ee75555d04f https://git.kernel.org/stable/c/9d9b1f9f7a72d83ebf173534e76b246349f32374 https://git.kernel.org/stable/c/9a9a8fe26751334b7739193a94eba741073b8a55
Powered by blists - more mailing lists