CVE-2022-1419 Information

Description

The root cause of this vulnerability is that the ioctl$DRM_IOCTL_MODE_DESTROY_DUMB can decrease refcount of drm_vgem_gem_object (created in vgem_gem_dumb_create) concurrently and vgem_gem_dumb_create will access the freed drm_vgem_gem_object.

Reference

https://bugzilla.redhat.com/show_bug.cgi?id=2077560