14 Sep
2023
14 Sep
'23
11:59 a.m.
On Thu, 07 Sep 2023 15:53:38 +0200, Thomas Hellström wrote:
when using __drm_kunit_helper_alloc_drm_device() the driver may be dereferenced by device-managed resources up until the device is freed, which is typically later than the kunit-managed resource code frees it. Fix this by simply make the driver device-managed as well.
In short, the sequence leading to the UAF is as follows:
[...]
Applied to drm/drm-misc (drm-misc-fixes).
Thanks! Maxime