Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com
☎ 03 60 47 09 81 - info@securiteinfo.com
In the Linux kernel, the following vulnerability has been resolved:drm/amdgpu: don't access invalid schedSince 2320c9e6a768 ("drm/sched: memset() 'job' in drm_sched_job_init()")accessing job->base.sched can produce unexpected results as the initialisationof (*job)->base.sched done in amdgpu_job_alloc is overwritten by thememset.This commit fixes an issue when a CS would fail validation and wouldbe rejected after job->num_ibs is incremented. In this case,amdgpu_ib_free(ring->adev, ...) will be called, which would crash themachine because the ring value is bogus.To fix this, pass a NULL pointer to amdgpu_ib_free(): we can do thisbecause the device is actually not used in this function.The next commit will remove the ring argument completely.(cherry picked from commit 2ae520cb12831d264ceb97c61f72c59d33c0dbd7)
No PoCs from references.
- https://github.com/w4zu/Debian_security