Linux Kernel VMA Allocation Error Vulnerability in Intel Graphics Driver

Vulnerability

A vulnerability has been identified in the Linux kernel's Intel i915 graphics driver, related to the management of Virtual Memory Areas (VMAs) during ring submission processes. When the driver is unloaded, a timeline reference can be left dangling if a VMA allocation fails due to interruption by signals. This issue arises because the driver does not properly release the timeline reference before unbinding, leading to memory management errors.
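The error-path pattern described above, as a simplified user-space C model (an added example, not i915 code or the upstream patch). Every name is hypothetical, and the sequence of an interrupted attempt followed by a successful retry is an assumption made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
/* Simplified user-space model; all names are hypothetical, not i915 symbols. */
struct timeline { int refcount; };
struct context { struct timeline *tl; void *vma; };
/* Constructed stand-in for a VMA allocation that a signal can interrupt. */
static void *alloc_vma(int interrupted)
{
    return interrupted ? NULL : malloc(64);
}

/* Leaky: the reference is taken first and kept when allocation fails. */
static int context_alloc_leaky(struct context *ce, struct timeline *tl, int intr)
{
    tl->refcount++;
    ce->tl = tl;
    ce->vma = alloc_vma(intr);
    return ce->vma ? 0 : -EINTR; /* failure path never drops the reference */
}

/* Hardened: allocate first, take the reference only once that succeeded. */
static int context_alloc_fixed(struct context *ce, struct timeline *tl, int intr)
{
    void *vma = alloc_vma(intr);
    if (!vma)
        return -EINTR;
    ce->vma = vma;
    ce->tl = tl;
    tl->refcount++;
    return 0;
}

/* Interrupted attempt, successful retry, then release: references left over. */
static int leftover_refs(int (*alloc)(struct context *, struct timeline *, int))
{
    struct timeline tl = { 0 };
    struct context ce = { 0 };
    if (alloc(&ce, &tl, 1) == 0 || alloc(&ce, &tl, 0) != 0)
        return -1;
    free(ce.vma);
    tl.refcount--; /* the single put a normal release performs */
    return tl.refcount;
}
int main(void)
{
    printf("leaky=%d fixed=%d\n", leftover_refs(context_alloc_leaky),
           leftover_refs(context_alloc_fixed));
    return 0;
}
```

A non-zero result for the leaky variant is the reference that is still held when the model's equivalent of driver unbind would run.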

Impact

The vulnerability can cause memory management issues by leaving unused timeline references, which can lead to resource leaks or corruption.

Reproduction

The vulnerability can be reproduced by running certain Intel Graphics Tests (IGT) that interrupt execution with signals, such as 'fork-simple-stress-signal' and 'two-level-inception-interruptible'. These tests can trigger the VMA allocation process, which, if interrupted, can leave the timeline reference improperly managed. The i915 driver can then be unbound, which exposes the memory management error.

Remediation

The vulnerability has been addressed in a recent commit to the Linux kernel. Users should upgrade to the latest version where this fix is applied.

Added: Jul 25, 2025, 1:59 PM
Updated: Jul 25, 2025, 6:30 PM

Vulnerability Rating

Custom Algorithm
spread: 9.0
impact: 2.5
exploitability: 3.9
remediation: 0.0
relevance: 0.3
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.