A use-after-free flaw was found in the Linux Kernel SGI GRU driver in drivers/misc/sgi-gru/grufile.c. A local user can call gru_file_unlocked_ioctl with GRU_SET_CONTEXT_OPTION and then trigger the error path in the gru_check_context_placement function. This leads to a use after free in the gru_unload_context function.
Reference: https://www.spinics.net/lists/kernel/msg4518970.html
Besides, this is a long-existing bug which was introduced 13 years ago: https://github.com/torvalds/linux/commit/55484c45dbeca2eec7642932ec3f60f8a2d4bdbf
*** Bug 2132639 has been marked as a duplicate of this bug. ***
The latest candidate patch is: https://lore.kernel.org/all/20221006152643.1694235-1-zyytlz.wz@163.com/ - received the link from Zheng Wang, see Bug 2126411.
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2132961]
Updated on 2022-10-19 03:17:26 UTC: "Here is the newest version of patch. https://lore.kernel.org/all/20221019031445.901570-1-zyytlz.wz@163.com/" - received the link from Zheng Wang, see Bug 2126411.
This was fixed for Fedora with the 6.0.16 stable kernel update.