The Linux kernel is not checking a provided address with access_ok() when accessing userspace data in certain situations. The lack of such checks in i915_gem_execbuffer2_ioctl in drivers/gpu/drm/i915/i915_gem_execbuffer.c may allow a local unprivileged attacker to possibly escalate its privileges.

References:
https://salls.github.io/Linux-Kernel-CVE-2017-5123/ (missing access_ok() check described)

Upstream patch:
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=594cc251fdd0d231d342d88b2fdff4bc42fb0690
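
What a missing access_ok() check means in practice, as an added user-space model (not kernel code, not the i915 code path, and not part of the original report). The array layout, `USER_LIMIT`, and every function name below are hypothetical stand-ins: `model_access_ok()` plays the role of the range check, and the two write helpers show the same store with and without it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Constructed model: one flat array stands for the address space. Offsets
 * below USER_LIMIT play the role of user memory, the rest of kernel memory. */
#define SPACE_SIZE 64u
#define USER_LIMIT 32u
static uint8_t space[SPACE_SIZE];

/* Model of access_ok(): [addr, addr + size) must lie entirely below
 * USER_LIMIT. Written so that addr + size cannot wrap around. */
static bool model_access_ok(size_t addr, size_t size)
{
    return size <= USER_LIMIT && addr <= USER_LIMIT - size;
}

/* Missing-check pattern: the caller-supplied address is used as given. */
static bool write_unchecked(size_t addr, uint8_t val)
{
    if (addr < SPACE_SIZE)      /* bound only keeps the model memory-safe */
        space[addr] = val;
    return true;
}

/* Checked pattern: validate the whole range before the first store. */
static bool write_checked(size_t addr, uint8_t val)
{
    if (!model_access_ok(addr, sizeof(val)))
        return false;           /* kernel code would return -EFAULT */
    return write_unchecked(addr, val);
}

/* True if any byte in the "kernel" part of the model was modified. */
static bool kernel_part_dirty(void)
{
    for (size_t i = USER_LIMIT; i < SPACE_SIZE; i++)
        if (space[i]) return true;
    return false;
}

int main(void)
{
    bool ok = write_checked(40, 0xAA);
    printf("checked:   ok=%d dirty=%d\n", ok, kernel_part_dirty());
    ok = write_unchecked(40, 0xAA);
    printf("unchecked: ok=%d dirty=%d\n", ok, kernel_part_dirty());
    return 0;
}
```
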
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1669142]
This is fixed for Fedora with the 4.20.{3,4} kernel rebases.