CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47534 – drm/vc4: kms: Add missing drm_crtc_commit_put
https://notcve.org/view.php?id=CVE-2021-47534
In the Linux kernel, the following vulnerability has been resolved: drm/vc4: kms: Add missing drm_crtc_commit_put Commit 9ec03d7f1ed3 ("drm/vc4: kms: Wait on previous FIFO users before a commit") introduced a global state for the HVS, with each FIFO storing the current CRTC commit so that we can properly synchronize commits. However, the refcounting was off and we thus ended up leaking the drm_crtc_commit structure every commit. Add a drm_crtc_commit_put to prevent the leakage. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/vc4: kms: agregar drm_crtc_commit_put faltante el commit 9ec03d7f1ed3 ("drm/vc4: kms: esperar a los usuarios FIFO anteriores antes de una confirmación") introdujo un estado global para HVS, con cada FIFO almacena El commit CRTC actual para que podamos sincronizar correctamente las confirmaciones. Sin embargo, el recuento no se realizó y, por lo tanto, terminamos filtrando la estructura drm_crtc_commit en cada confirmación. Agregue un drm_crtc_commit_put para evitar la fuga. • https://git.kernel.org/stable/c/9ec03d7f1ed394897891319a4dda75f52c5d292d https://git.kernel.org/stable/c/53f9601e908d42481addd67cdb01a9288c611124 https://git.kernel.org/stable/c/049cfff8d53a30cae3349ff71a4c01b7d9981bc2 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47533 – drm/vc4: kms: Clear the HVS FIFO commit pointer once done
https://notcve.org/view.php?id=CVE-2021-47533
In the Linux kernel, the following vulnerability has been resolved: drm/vc4: kms: Clear the HVS FIFO commit pointer once done Commit 9ec03d7f1ed3 ("drm/vc4: kms: Wait on previous FIFO users before a commit") introduced a wait on the previous commit done on a given HVS FIFO. However, we never cleared that pointer once done. Since drm_crtc_commit_put can free the drm_crtc_commit structure directly if we were the last user, this means that it can lead to a use-after free if we were to duplicate the state, and that stale pointer would even be copied to the new state. Set the pointer to NULL once we're done with the wait so that we don't carry over a pointer to a free'd structure. En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/vc4: kms: borre el puntero de commit FIFO de HVS una vez realizado. El commit 9ec03d7f1ed3 ("drm/vc4: kms: espere a los usuarios FIFO anteriores antes de una confirmación") introdujo una espera en el commit anterior realizada en un HVS FIFO determinado. Sin embargo, nunca borramos ese puntero una vez hecho. • https://git.kernel.org/stable/c/9ec03d7f1ed394897891319a4dda75f52c5d292d https://git.kernel.org/stable/c/2931db9a5ed219546cf2ae0546698faf78281b89 https://git.kernel.org/stable/c/d134c5ff71c7f2320fc7997f2fbbdedf0c76889a •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47532 – drm/msm/devfreq: Fix OPP refcnt leak
https://notcve.org/view.php?id=CVE-2021-47532
In the Linux kernel, the following vulnerability has been resolved: drm/msm/devfreq: Fix OPP refcnt leak En el kernel de Linux, se ha resuelto la siguiente vulnerabilidad: drm/msm/devfreq: corrige la fuga de referencia de OPP • https://git.kernel.org/stable/c/9bc95570175a7fbca29d86d22c54bbf399f4ad5a https://git.kernel.org/stable/c/a4eb55901df1dce8c6944438bbdf57caf08911e2 https://git.kernel.org/stable/c/59ba1b2b4825342676300f66d785764be3fcb093 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47531 – drm/msm: Fix mmap to include VM_IO and VM_DONTDUMP
https://notcve.org/view.php?id=CVE-2021-47531
In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix mmap to include VM_IO and VM_DONTDUMP In commit 510410bfc034 ("drm/msm: Implement mmap as GEM object function") we switched to a new/cleaner method of doing things. That's good, but we missed a little bit. Before that commit, we used to _first_ run through the drm_gem_mmap_obj() case where `obj->funcs->mmap()` was NULL. That meant that we ran: vma->vm_flags |= VM_IO | VM_PFNMAP | VM_DONTEXPAND | VM_DONTDUMP; vma->vm_page_prot = pgprot_writecombine(vm_get_page_prot(vma->vm_flags)); vma->vm_page_prot = pgprot_decrypted(vma->vm_page_prot); ...and _then_ we modified those mappings with our own. Now that `obj->funcs->mmap()` is no longer NULL we don't run the default code. It looks like the fact that the vm_flags got VM_IO / VM_DONTDUMP was important because we're now getting crashes on Chromebooks that use ARC++ while logging out. • https://git.kernel.org/stable/c/510410bfc034c57cc3caf1572aa47c1017bab2f9 https://git.kernel.org/stable/c/8e2b7fe5e8a4be5e571561d9afcfbd92097288ba https://git.kernel.org/stable/c/3466d9e217b337bf473ee629c608e53f9f3ab786 •
CVSS: -EPSS: 0%CPEs: 2EXPL: 0CVE-2021-47530 – drm/msm: Fix wait_fence submitqueue leak
https://notcve.org/view.php?id=CVE-2021-47530
In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix wait_fence submitqueue leak We weren't dropping the submitqueue reference in all paths. In particular, when the fence has already been signalled. Split out a helper to simplify handling this in the various different return paths. En el kernel de Linux, se resolvió la siguiente vulnerabilidad: drm/msm: corrige la fuga de la cola de envío de wait_fence No estábamos eliminando la referencia de la cola de envío en todas las rutas. En particular, cuando la valla ya ha sido señalizada. • https://git.kernel.org/stable/c/a61acbbe9cf873f869fc634ae6f72f214f5994cc https://git.kernel.org/stable/c/4c3cdbf2540319ea674f1f3c54f31f14c6f39647 https://git.kernel.org/stable/c/ea0006d390a28012f8187717aea61498b2b341e5 •