Red Hat Bugzilla – Bug 1259540
[Radeon/Tonga] use-after-free traps IOMMU
Last modified: 2015-09-22 13:28:08 EDT
Description of problem:
libdrm needs a version bump or to back port a use-after-free patch else the IOMMU will trap on wayland and possibly under X causing segmentation faults due to out of bounds memory access on the aperture.
The following bug report contains details of the issue:
and the fix was merged here:
Version-Release number of selected component (if applicable):
After looking over this again, the severity should be perhaps considered urgent as this could possibly be used as a exploit vector although I have not written a proof of concept yet.
Fixed in version 2.4.65 which was bumped here:
Awaiting a RPM rebuild with the version bump now..
2.4.65 is in rawhide and will update in f23 as well.