CVE-2022-49935

Summary

In the Linux kernel, the following vulnerability has been resolved:

dma-buf/dma-resv: check if the new fence is really later

Previously when we added a fence to a dma_resv object we always assumed the the newer than all the existing fences.

With Jason's work to add an UAPI to explicit export/import that's not necessary the case any more. So without this check we would allow userspace to force the kernel into an use after free error.

Since the change is very small and defensive it's probably a good idea to backport this to stable kernels as well just in case others are using the dma_resv object in the same way.

Affected Software

VendorProductVersion RangeStatus
LinuxLinux27836b641c1bf693c96c627388497b4e0f57441b < c4c798fe98adceb642050819cb57cbc8f5c27870affected
LinuxLinux27836b641c1bf693c96c627388497b4e0f57441b < a3f7c10a269d5b77dd5822ade822643ced3057f0affected
LinuxLinux5.0affected
LinuxLinux0 < 5.0unaffected
LinuxLinux5.19.8 <= 5.19.*unaffected
LinuxLinux6.0 <= *unaffected

Weaknesses

References