The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of *drm_vgem_gem_object *(created in *vgem_gem_dumb_create*) concurrently, and *vgem_gem_dumb_create *will access the freed drm_vgem_gem_object.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2022-05-31T17:59:18
Updated: 2024-08-03T00:03:06.207Z
Reserved: 2022-04-20T00:00:00
Link: CVE-2022-1419
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2022-06-02T14:15:32.577
Modified: 2022-12-09T18:41:11.500
Link: CVE-2022-1419
Redhat