Description of problem: libdrm needs a version bump or to back port a use-after-free patch else the IOMMU will trap on wayland and possibly under X causing segmentation faults due to out of bounds memory access on the aperture. The following bug report contains details of the issue: https://bugs.freedesktop.org/show_bug.cgi?id=91704 and the fix was merged here: http://cgit.freedesktop.org/mesa/drm/commit/?id=5c42b5e36a4a02e579ec5dcdc3a95ce58538224c Version-Release number of selected component (if applicable): libdrm-2.4.64 Many thanks, Edward.
Hi, After looking over this again, the severity should be perhaps considered urgent as this could possibly be used as a exploit vector although I have not written a proof of concept yet. Regards,
Fixed in version 2.4.65 which was bumped here: http://cgit.freedesktop.org/mesa/drm/commit/?id=c3496167637e35cf8a52d5e7e53a412e79d80db0 Awaiting a RPM rebuild with the version bump now..
2.4.65 is in rawhide and will update in f23 as well.