SB20240620174 - Use-after-free in Linux kernel drm vmwgfx driver

Description

This security bulletin contains information about 1 security vulnerability.

1) Use-after-free (CVE-ID: CVE-2022-48771)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the vmw_kms_helper_buffer_finish() function in drivers/gpu/drm/vmwgfx/vmwgfx_kms.c, within the vmw_fence_event_ioctl() function in drivers/gpu/drm/vmwgfx/vmwgfx_fence.c, within the vmw_execbuf_fence_commands(), vmw_execbuf_copy_fence_user() and vmw_execbuf_process() functions in drivers/gpu/drm/vmwgfx/vmwgfx_execbuf.c. A local user can escalate privileges on the system.

Remediation

Install update from vendor's website.

References

• https://git.kernel.org/stable/c/e8d092a62449dcfc73517ca43963d2b8f44d0516
• https://git.kernel.org/stable/c/0008a0c78fc33a84e2212a7c04e6b21a36ca6f4d
• https://git.kernel.org/stable/c/84b1259fe36ae0915f3d6ddcea6377779de48b82
• https://git.kernel.org/stable/c/ae2b20f27732fe92055d9e7b350abc5cdf3e2414
• https://git.kernel.org/stable/c/6066977961fc6f437bc064f628cf9b0e4571c56c
• https://git.kernel.org/stable/c/1d833b27fb708d6fdf5de9f6b3a8be4bd4321565
• https://git.kernel.org/stable/c/a0f90c8815706981c483a652a6aefca51a5e191c
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.264
• https://mirrors.edge.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.19.227
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.10.95
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.15.18
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.16.4
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.17
• https://mirrors.edge.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.4.175