Linux Kernel Race Condition Vulnerability in GPU Host1X Syncpoint Management

Vulnerability

A race condition vulnerability has been addressed in the Linux kernel's GPU Host1X component, specifically in the syncpoint allocation and deallocation process. The issue arose from the use of manual reference counting and mutex locking, which created a window where syncpoints could be prematurely reallocated before they were fully cleaned up from a previous use. This vulnerability affects the Linux kernel stable tree.

Impact

The race allows a syncpoint to be allocated while it is still being processed from a prior release, potentially causing synchronization issues or incorrect behavior in graphics processing.

Reproduction

The vulnerability can be reproduced by manipulating the syncpoint allocation and deallocation functions in a way that exploits the timing of the reference count changes and mutex lock acquisitions. This could involve rapidly allocating and freeing syncpoints, creating a race condition where a syncpoint is reallocated before it has been properly released.

Remediation

The vulnerability has been fixed by changing syncpoint management to use an atomic reference count method that includes the mutex handling, which prevents the race condition. Users should update to the latest version of the Linux kernel where this fix has been applied.
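The window described above and the way a decrement-and-lock release closes it, as an added example that is not the kernel's or the driver's own code: a deterministic, single-threaded model in which a callback stands in for a second CPU running the allocator. All struct and function names are hypothetical; the fixed path follows the general shape of the kernel's `kref_put_mutex()` helper, where the final decrement happens with the mutex already held.

```c
/* Added illustration: single-threaded model of the put/alloc interleaving.
 * Every name here is hypothetical, not taken from the host1x driver. */
#include <stdbool.h>
#include <stddef.h>

struct syncpt { int ref; bool locked; const char *name; };
typedef void (*window_fn)(struct syncpt *);   /* stands in for another CPU */

/* Allocator: needs the lock, claims the syncpoint only if ref is zero. */
static bool sp_alloc(struct syncpt *sp, const char *name)
{
    if (sp->locked || sp->ref != 0)
        return false;                 /* would block, or still in use */
    sp->ref = 1;
    sp->name = name;
    return true;
}

/* Cleanup of the previous use; must run with the lock held. */
static void sp_release(struct syncpt *sp) { sp->name = NULL; }

/* Manual scheme: the count reaches zero before the lock is taken. */
static void sp_put_racy(struct syncpt *sp, window_fn other_cpu)
{
    if (--sp->ref != 0)
        return;
    other_cpu(sp);                    /* window: ref == 0, lock not held */
    sp->locked = true; sp_release(sp); sp->locked = false;
}

/* Decrement-and-lock: the final decrement happens under the lock. */
static void sp_put_locked(struct syncpt *sp, window_fn other_cpu)
{
    if (sp->ref > 1) { sp->ref--; return; }   /* not the last reference */
    sp->locked = true;
    if (--sp->ref == 0) { other_cpu(sp); sp_release(sp); }
    sp->locked = false;
}

static bool alloc_won;                /* did the concurrent alloc succeed? */
static void concurrent_alloc(struct syncpt *sp) { alloc_won = sp_alloc(sp, "new-owner"); }
/* True if a live syncpoint (ref > 0) ends up with its state wiped. */
static bool corrupted_after(void (*put)(struct syncpt *, window_fn))
{
    struct syncpt sp = { 1, false, "old-owner" };   /* constructed sample */
    put(&sp, concurrent_alloc);
    return sp.ref > 0 && sp.name == NULL;
}
int main(void) { return !(corrupted_after(sp_put_racy) && !corrupted_after(sp_put_locked)); }
```

In the racy path the concurrent allocation succeeds and the late cleanup then wipes the new owner's state; in the locked path the allocation cannot proceed until cleanup has finished.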

Added: Dec 24, 2025, 11:20 AM
Updated: Dec 24, 2025, 11:20 AM

Vulnerability Rating

Custom Algorithm

spread: 9.0
impact: 2.5
exploitability: 3.9
remediation: 7.7
relevance: 1.6
threat: 4.8
urgency: 2.9
incentive: 1.7