CAN-2004-1056 status at kernel.org ?
A kernel vulnerability related to intel drms
(CAN-2004-1056 insufficient locking checks in DRM code),
has been reported by some vendors [5-7].
It seems to have been fixed in kernel-source-2.6.8-11,
and will be fixed by a backport to kernel-source-2.4.27-8
(also fixes CAN-2004-1235 about uselib) [1-3]
What's the status of that DRM bug at kernel.org :
is it included in some vanilla kernels (2.4 or 2.6)?
I dont see anything in kernel.org Changelogs, and only
found out a cset [4] that seems related.
Christophe
PS Some infos I found about this
From [1]
* 121_drm-locking-checks-1.diff 121_drm-locking-checks-2.diff:
[SECURITY] Fix insufficient locking checks in DRM code;
CAN-2004-1056
(Fabio M. Di Nitto, Dann Frazier, Simon Horman).
(Closes: Bug#285563)
From [2]
The fix for CAN-2004-1056, added in 2.6.8-11, also applies to 2.4
however, I don't think it will compile, because 2.4 doesn't define the
LOCK_TEST_WITH_RETURN() in drmP.h.
From [3]
kernel-source-2.6.8 (2.6.8-11) unstable; urgency=high
* [SECURITY] Fix insufficient locking checks in DRM code;
CAN-2004-1056. Thanks to Fabio M. Di Nitto (Andres Salomon).
From [4]
# ChangeSet
# 2004/11/11 22:23:44+11:00 airlied@starflyer.(none)
# drm: in-correct locking in intel drms
[1] Changelog kernel-source2.4.27
http://svn.debian.org/wsvn/kernel/trunk/kernel-2.4/source/kernel-source-2.4.27-2.4.27/debian/changelog?op=file&rev=0&sc=1
[2] Debian Bug report logs - #285563
kernel-source-2.4.27: drm locking fix missing in 2.4 kernels
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=285563
[3] Changelog kernel-source-2.6.8 (2.6.8-11)
http://packages.debian.org/changelogs/pool/main/k/kernel-source-2.6.8/kernel-source-2.6.8_2.6.8-11/changelog
[4] part of 2.6 changeset
http://kernel.org/pub/linux/kernel/v2.6/testing/cset/cset-airlied@starflyer.(none)|ChangeSet|20041111112344|59303.txt
[5] 2004-11-01
Security issue: insufficient locking checks in DRM code
https://bugs.freedesktop.org/show_bug.cgi?id=1803
[6] 2004-11-09
CAN-2004-1056 insufficient locking checks in DRM code
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=138534
[7] 2004-12-15
Bugzilla Bug 74464
Kernel Local X server DoS in DRM drivers (CAN-2004-1056)
http://bugs.gentoo.org/show_bug.cgi?id=74464
Reply to: