CVE-2022-49359

For a while now it's been allowed for a MMU context to outlive it's corresponding panfrostpriv, however the job structure still references panfrostpriv to get hold of the MMU context. If panfrost_priv has been freed this is a use-after-free which I've been able to trigger resulting in a splat.

To fix this, drop the reference to panfrost_priv in the job structure and add a direct reference to the MMU structure which is what's actually needed.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/49xxx/CVE-2022-49359.json",
    "cna_assigner": "Linux"
}

References

Affected packages

Git / git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git

Affected ranges

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

7fdc48cc63a30fa3480d18bdd8c5fff2b9b15212

Fixed

8c8e8cc91a6ffc79865108279a74fd57d9070a17

Fixed

472dd7ea5e19a1aeabf1711ddc756777e05ee7c2

Fixed

6e516faf04317db2c46cbec4e3b78b4653a5b109

Type: GIT
Repo: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

c29485e34e63198dca6289639aa711f99d88e76e

Last affected

626adede2642f00c8918999a2451bd0a644ab9b7

Last affected

cf461fa9250a634e8afc4433d82ae0decea8136e

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-49359.json"