| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2025100447-CVE-2023-53552-5ba9@gregkh> Date: Sat, 4 Oct 2025 17:17:06 +0200 From: Greg Kroah-Hartman <gregkh@...uxfoundation.org> To: linux-cve-announce@...r.kernel.org Cc: Greg Kroah-Hartman <gregkh@...nel.org> Subject: CVE-2023-53552: drm/i915: mark requests for GuC virtual engines to avoid use-after-free From: Greg Kroah-Hartman <gregkh@...nel.org> Description =========== In the Linux kernel, the following vulnerability has been resolved: drm/i915: mark requests for GuC virtual engines to avoid use-after-free References to i915_requests may be trapped by userspace inside a sync_file or dmabuf (dma-resv) and held indefinitely across different proceses. To counter-act the memory leaks, we try to not to keep references from the request past their completion. On the other side on fence release we need to know if rq->engine is valid and points to hw engine (true for non-virtual requests). To make it possible extra bit has been added to rq->execution_mask, for marking virtual engines. (cherry picked from commit 280410677af763f3871b93e794a199cfcf6fb580) The Linux kernel CVE team has assigned CVE-2023-53552 to this issue. Affected and fixed versions =========================== Issue introduced in 6.0 with commit bcb9aa45d5a0e11ef91245330c53cde214d15e8d and fixed in 6.1.54 with commit 8017a27cec32eac8c8f9430b0a3055840136b856 Issue introduced in 6.0 with commit bcb9aa45d5a0e11ef91245330c53cde214d15e8d and fixed in 6.5.4 with commit 7fb464d52fa41c31a6fd1ad82888e67c65935d94 Issue introduced in 6.0 with commit bcb9aa45d5a0e11ef91245330c53cde214d15e8d and fixed in 6.6 with commit 5eefc5307c983b59344a4cb89009819f580c84fa Please see https://www.kernel.org for a full list of currently supported kernel versions by the kernel community. Unaffected versions might change over time as fixes are backported to older supported kernel versions. The official CVE entry at https://cve.org/CVERecord/?id=CVE-2023-53552 will be updated if fixes are backported, please check that for the most up to date information about this issue. Affected files ============== The file(s) affected by this issue are: drivers/gpu/drm/i915/gt/intel_engine_types.h drivers/gpu/drm/i915/gt/uc/intel_guc_submission.c drivers/gpu/drm/i915/i915_request.c Mitigation ========== The Linux kernel CVE team recommends that you update to the latest stable kernel version for this, and many other bugfixes. Individual changes are never tested alone, but rather are part of a larger kernel release. Cherry-picking individual commits is not recommended or supported by the Linux kernel community at all. If however, updating to the latest release is impossible, the individual changes to resolve this issue can be found at these commits: https://git.kernel.org/stable/c/8017a27cec32eac8c8f9430b0a3055840136b856 https://git.kernel.org/stable/c/7fb464d52fa41c31a6fd1ad82888e67c65935d94 https://git.kernel.org/stable/c/5eefc5307c983b59344a4cb89009819f580c84fa
Powered by blists - more mailing lists