ghsa-rj36-vf3r-744c
Vulnerability from github
Published
2025-06-18 12:30
Modified
2025-06-18 12:30
Details

In the Linux kernel, the following vulnerability has been resolved:

dma-buf/dma-resv: check if the new fence is really later

Previously when we added a fence to a dma_resv object we always assumed the the newer than all the existing fences.

With Jason's work to add an UAPI to explicit export/import that's not necessary the case any more. So without this check we would allow userspace to force the kernel into an use after free error.

Since the change is very small and defensive it's probably a good idea to backport this to stable kernels as well just in case others are using the dma_resv object in the same way.

Show details on source website

To clipboard 

{
  "affected": [],
  "aliases": [
    "CVE-2022-49935"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-06-18T11:15:20Z",
    "severity": null
  },
  "details": "In the Linux kernel, the following vulnerability has been resolved:\n\ndma-buf/dma-resv: check if the new fence is really later\n\nPreviously when we added a fence to a dma_resv object we always\nassumed the the newer than all the existing fences.\n\nWith Jason\u0027s work to add an UAPI to explicit export/import that\u0027s not\nnecessary the case any more. So without this check we would allow\nuserspace to force the kernel into an use after free error.\n\nSince the change is very small and defensive it\u0027s probably a good\nidea to backport this to stable kernels as well just in case others\nare using the dma_resv object in the same way.",
  "id": "GHSA-rj36-vf3r-744c",
  "modified": "2025-06-18T12:30:35Z",
  "published": "2025-06-18T12:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-49935"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/a3f7c10a269d5b77dd5822ade822643ced3057f0"
    },
    {
      "type": "WEB",
      "url": "https://git.kernel.org/stable/c/c4c798fe98adceb642050819cb57cbc8f5c27870"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.