Bug 2327380 (CVE-2024-53084) - CVE-2024-53084 kernel: drm/imagination: Break an object reference loop
Summary: CVE-2024-53084 kernel: drm/imagination: Break an object reference loop
Keywords:
Status: NEW
Alias: CVE-2024-53084
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security DevOps Team
QA Contact:
URL:
Whiteboard:
Depends On: 2327442
Blocks:
Reported: 2024-11-19 18:04 UTC by OSIDB Bzimport
Modified: 2024-11-21 19:11 UTC

Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:


Description OSIDB Bzimport 2024-11-19 18:04:09 UTC
In the Linux kernel, the following vulnerability has been resolved:

drm/imagination: Break an object reference loop

When remaining resources are being cleaned up on driver close,
outstanding VM mappings may result in resources being leaked, due
to an object reference loop, as shown below, with each object (or
set of objects) referencing the object below it:

    PVR GEM Object
    GPU scheduler "finished" fence
    GPU scheduler "scheduled" fence
    PVR driver "done" fence
    PVR Context
    PVR VM Context
    PVR VM Mappings
    PVR GEM Object

The reference that the PVR VM Context has on the VM mappings is a
soft one, in the sense that the freeing of outstanding VM mappings
is done as part of VM context destruction; no reference counts are
involved, as is the case for all the other references in the loop.

To break the reference loop during cleanup, free the outstanding
VM mappings before destroying the PVR Context associated with the
VM context.
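
The ordering problem described above, as a small C model added here for illustration; it is not code from the kernel patch or the PVR driver. Object names follow the list in the description; all identifiers, and the assumption that the closing file holds one handle each on the GEM object, PVR Context and VM Context, are constructed.

```c
#include <stdio.h>

/* Toy model (constructed, not driver code): six refcounted objects in the
 * order the description lists them; each holds a counted ref on the next. */
enum { GEM, FINISHED, SCHEDULED, DONE, CTX, VM_CTX, N_OBJ };
struct obj { int refs; int live; };
static struct obj o[N_OBJ];
static int mapping_live;    /* the VM mapping; holds a counted ref on GEM */

static void put(int i);

/* Free outstanding mappings; each one drops its reference on the GEM object. */
static void free_mappings(void)
{
    if (mapping_live) { mapping_live = 0; put(GEM); }
}

static void put(int i)
{
    if (--o[i].refs > 0)
        return;
    o[i].live = 0;
    if (i == VM_CTX)
        free_mappings();    /* "soft" reference: only runs at VM context destruction */
    else
        put(i + 1);         /* drop the counted reference on the next object */
}

/* Simulate driver close; returns how many objects (mapping included) leak.
 * Assumption: the file holds one handle each on GEM, CTX and VM_CTX. */
int leaked_after_close(int free_mappings_first)
{
    int i, leaked;
    /* One ref each from the previous object in the loop (GEM: from the mapping). */
    for (i = 0; i < N_OBJ; i++) { o[i].refs = 1; o[i].live = 1; }
    mapping_live = 1;
    o[GEM].refs++; o[CTX].refs++; o[VM_CTX].refs++;    /* file handles */
    if (free_mappings_first)
        free_mappings();    /* the ordering the fix describes */
    put(CTX); put(VM_CTX); put(GEM);                   /* file drops its handles */
    leaked = mapping_live;
    for (i = 0; i < N_OBJ; i++) leaked += o[i].live;
    return leaked;
}

int main(void)
{
    printf("leaked without early unmap: %d, with: %d\n",
           leaked_after_close(0), leaked_after_close(1));
    return 0;
}
```

In the model, no count in the loop can reach zero while the mapping is alive, because the only code that frees the mapping runs when the VM Context count reaches zero.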

