RE: [PATCH v4.19.x] make 'user_access_begin()' do 'access_ok()'
From: Ashwin H
Date: Wed May 13 2020 - 13:08:24 EST
> Ok, but what does that mean for us?
>
> You need to say why you are sending a patch, otherwise we will guess wrong.
In drivers/gpu/drm/i915/i915_gem_execbuffer.c, ioctl functions does user_access_begin() without doing access_ok(Checks if a user space pointer is valid) first.
A local attacker can craft a malicious ioctl function call to overwrite arbitrary kernel memory, resulting in a Denial of Service or privilege escalation (CVE-2018-20669)
This patch makes sure that user_access_begin always does access_ok.
user_access_begin has been modified to do access_ok internally.
Thanks,
Ashwin