Linux Kernel DRM Panthor Shmem Write Flush Vulnerability

Vulnerability

A vulnerability in the Linux kernel's DRM Panthor driver has been addressed. The issue arose because the shmem layer initialized new pages using cached mappings. Without a proper CPU flush, this could leave behind dirty cache lines, potentially causing data leaks or asynchronous buffer corruption when these cache lines were evicted. The vulnerability affected the stable version of the Linux kernel.

Impact

Failure to flush shmem writes before mapping buffers as CPU-uncached could lead to data leaks or asynchronous buffer corruption in the affected system.

Reproduction

The vulnerability can be reproduced by creating a write-combine mapping in the DRM Panthor driver without flushing the shared memory writes before mapping the buffers as CPU-uncached. This can be done by allocating pages in a way that does not trigger a CPU cache flush, allowing dirty cache lines to remain and potentially cause issues when evicted.
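The failure mode described under Vulnerability and Reproduction, as a simplified user-space model added here (not code from the kernel or the Panthor driver): one cache line of RAM behind a write-back CPU cache. All names are hypothetical, and the byte values are constructed (0xAA for stale page content, 0x42 for data written through the uncached mapping).

```c
/* Toy model (constructed): one cache line of RAM plus a write-back CPU cache. */
#include <stdio.h>
#include <string.h>

#define LINE 64

struct model {
    unsigned char ram[LINE];    /* what uncached mappings and the GPU see */
    unsigned char cache[LINE];  /* CPU cache contents for the same line */
    int dirty;                  /* cache line holds data not yet in RAM */
};

/* Write through a cached mapping: data lands in the cache only. */
static void cached_fill(struct model *m, unsigned char v)
{
    memset(m->cache, v, LINE);
    m->dirty = 1;
}

/* Write-back: used for the explicit flush and for a later eviction. */
static void writeback(struct model *m)
{
    if (m->dirty) {
        memcpy(m->ram, m->cache, LINE);
        m->dirty = 0;
    }
}

/* Returns the final RAM byte; *seen is what an uncached read observed first. */
static unsigned char run(int flush_first, unsigned char *seen)
{
    struct model m;
    memset(m.ram, 0xAA, LINE);      /* stale data from the page's previous user */
    m.dirty = 0;
    cached_fill(&m, 0x00);          /* page zeroed via a cached mapping */
    if (flush_first)
        writeback(&m);              /* the missing CPU flush */
    *seen = m.ram[0];               /* uncached read bypasses the cache */
    m.ram[0] = 0x42;                /* uncached write goes straight to RAM */
    writeback(&m);                  /* dirty line evicted at some later time */
    return m.ram[0];
}

int main(void)
{
    unsigned char seen, final;
    final = run(0, &seen);
    printf("no flush: read 0x%02X, final 0x%02X\n", seen, final);
    final = run(1, &seen);
    printf("flushed:  read 0x%02X, final 0x%02X\n", seen, final);
    return 0;
}
```

Without the flush, the uncached read returns the stale 0xAA (the data leak) and the later eviction replaces 0x42 with zeros (the asynchronous corruption). With the flush, the read returns zero and the written value survives.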

Remediation

Users can apply the latest patches available in the Linux kernel stable tree to address this vulnerability.

Added: Dec 6, 2025, 10:43 PM
Updated: Dec 6, 2025, 10:43 PM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 3.1
exploitability: 4.3
remediation: 7.7
relevance: 1.3
threat: 4.8
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.