Updated: 2025-11-03 03:14:05.594311
Description:
In the Linux kernel, the following vulnerability has been resolved: drm/i915: mark requests for GuC virtual engines to avoid use-after-free References to i915_requests may be trapped by userspace inside a sync_file or dmabuf (dma-resv) and held indefinitely across different proceses. To counter-act the memory leaks, we try to not to keep references from the request past their completion. On the other side on fence release we need to know if rq->engine is valid and points to hw engine (true for non-virtual requests). To make it possible extra bit has been added to rq->execution_mask, for marking virtual engines. (cherry picked from commit 280410677af763f3871b93e794a199cfcf6fb580)
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | NONE | 0.0 |
| CVSS Version 3.x | HIGH | 7.0 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | kernel | 5.14.0 | 7.0 | HIGH | Released | CLSA-2025:1765463110 | 2025-12-11 21:45:06 | |
| CentOS 8.4 ELS | kernel | 4.18.0 | 7.0 | HIGH | Needs Triage | 2025-10-29 07:18:01 | ||
| CentOS 8.5 ELS | kernel | 4.18.0 | 7.0 | HIGH | Needs Triage | 2025-10-29 07:17:59 | ||
| CentOS Stream 8 ELS | kernel | 4.18.0 | 7.0 | HIGH | Released | CLSA-2026:1770032032 | 2026-02-02 15:02:06 |