CVE-2024-46837 Information

Description

In the Linux kernel the following vulnerability has been resolved:

drm/panthor: Restrict high priorities on group_create

We were allowing any users to create a high priority group without any permission checks. As a result this was allowing possible denial of service.

We now only allow the DRM master or users with the CAP_SYS_NICE capability to set higher priorities than PANTHOR_GROUP_PRIORITY_MEDIUM.

As the sole user of that uAPI lives in Mesa and hardcode a value of MEDIUM [1] this should be safe to do.

Additionally as those checks are performed at the ioctl level panthor_group_create now only check for priority level validity.

[1]https://gitlab.freedesktop.org/mesa/mesa/-/blob/f390835074bdf162a63deb0311d1a6de527f9f89/src/gallium/drivers/panfrost/pan_csf.cL1038

Reference

https://git.kernel.org/stable/c/33eb0344e186a2bcc257c6c5a6e65c1cb42adb4a https://git.kernel.org/stable/c/5f7762042f8a5377bd8a32844db353c0311a7369