CVE-2023-52930

Summary

In the Linux kernel, the following vulnerability has been resolved:

drm/i915: Fix potential bit_17 double-free

A userspace with multiple threads racing I915_GEM_SET_TILING to set the tiling to I915_TILING_NONE could trigger a double free of the bit_17 bitmask. (Or conversely leak memory on the transition to tiled.) Move allocation/free'ing of the bitmask within the section protected by the obj lock.

[tursulin: Correct fixes tag and added cc stable.] (cherry picked from commit 10e0cbaaf1104f449d695c80bcacf930dcd3c42e)

Affected Software

VendorProductVersion RangeStatus
LinuxLinux2850748ef8763ab46958e43a4d1c445f29eeb37d < b591abac78e25269b12e3d7170c99463f8c5cb02affected
LinuxLinux2850748ef8763ab46958e43a4d1c445f29eeb37d < e3ebc3e23bd9028a8a9a26cbc5985f99be445f65affected
LinuxLinux2850748ef8763ab46958e43a4d1c445f29eeb37d < 0769f997a7b6d5cb8336db0b4ec3d2d311b8097caffected
LinuxLinux2850748ef8763ab46958e43a4d1c445f29eeb37d < 7057a8f126f14f14b040faecfa220fd27c6c2f85affected
LinuxLinux5.5affected
LinuxLinux0 < 5.5unaffected
LinuxLinux5.10.168 <= 5.10.*unaffected
LinuxLinux5.15.93 <= 5.15.*unaffected
LinuxLinux6.1.11 <= 6.1.*unaffected
LinuxLinux6.2 <= *unaffected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References