CVE-2022-1280

concurrency use-after-free between drm_setmaster_ioctl and drm_mode_getresources

References

Notes

 carnil> Not a problem on 5.15.y and newer, but the list of commits need
 carnil> to be isolated yet.
 carnil> Is the main fix 56f0729a510f ("drm: protect drm_master pointers
 carnil> in drm_lease.c")? Situation though is not very clear and what
 carnil> exactly is needed.
 bwh> I think most of these are fixing similar races even if some are not
 bwh> needed for the specific race in the description.  I don't think it
 bwh> makes any sense to backport them selectively.

Bugs

Status

Branch	Status
4.19-buster-security	needed
4.19-upstream-stable	released (4.19.195) [7d233ba700ceb593905ea82b42dadb4ec8ef85e9, a376f7e66b654cb290fa9d16d8dab5bfef744463], needed
5.10-bullseye-security	needed
5.10-upstream-stable	released (5.10.44) [491d52e0078860b33b6c14f0a7ac74ca1b603bd6, aa8591a58cbd2986090709e4202881f18e8ae30e], released (5.10.67) [54e51d288b38377e8cd645a83e1ad08cc9d20ccc, 06a553a99bacb00d3bc25f79e75c8e0fbf7a5025, 34609faad0c9f9f08d4b59d25c94b78bf5710d93, d6c91423993e8164ca4162ff046c6437bbd75b53], needed
6.1-bookworm-security	N/A "Fixed before branch point"
6.1-upstream-stable	N/A "Fixed before branch point"
6.6-upstream-stable	unknown
6.8-upstream-stable	unknown
sid	released (5.15.3-1)
upstream	released (5.13-rc6) [b436acd1cf7fac0ba987abd22955d98025c80c2b, c336a5ee984708db4826ef9e47d184e638e29717], released (5.15-rc1) [869e76f7a918f010bd4518d58886969b1f642a04, 5eff9585de220cdd131237f5665db5e6c6bdf590, 1f7ef07cfa14fb8557d1f1b7a14c76926142a4fb, 0b0860a3cf5eccf183760b1177a1dcdb821b0b66, 56f0729a510f92151682ff6c89f69724d5595d6e, 28be2405fb753927e18bc1a891617a430b2a0684, 2bc5da528dd570c5ecabc107e6fbdbc55974276f]