subject:"\[PATCH 5.10 1\/1\] drm\/qxl\: fix UAF on handle creation"

Re: [PATCH 5.10 1/1] drm/qxl: fix UAF on handle creation

2024-01-11 Thread Greg Kroah-Hartman

On Tue, Jan 09, 2024 at 02:08:25PM +0300, Fedor Pchelkin wrote: > From: Wander Lairson Costa > > commit c611589b4259ed63b9b77be6872b1ce07ec0ac16 upstream. Now queued up, thanks. greg k-h

[PATCH 5.10 1/1] drm/qxl: fix UAF on handle creation

2024-01-09 Thread Fedor Pchelkin

From: Wander Lairson Costa commit c611589b4259ed63b9b77be6872b1ce07ec0ac16 upstream. qxl_mode_dumb_create() dereferences the qobj returned by qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. A potential attacker could guess the returned handle value