Linux Kernel DMA-Fence Safe Access Rule Vulnerability in DRM/Panthor

A vulnerability related to safe access rules for DMA-fences has been addressed in the Linux kernel's DRM/Panthor component. This issue arises because the function 'drm_sched_fence_get_timeline_name' can potentially race with 'group_free_queue', leading to improper synchronization and access management. The vulnerability affects several versions of the Linux kernel.

Impact

The vulnerability could lead to race conditions, where DMA-fences are not properly synchronized, potentially causing inconsistencies in how groups and queues are managed within the DRM/Panthor scheduling system.

Reproduction

The vulnerability can be reproduced by creating a scenario where 'drm_sched_fence_get_timeline_name' is called simultaneously with 'group_free_queue', without proper synchronization. This can be achieved by manipulating the timing of these function calls, taking advantage of the lack of safe access rules for DMA-fences.

Remediation

Users can update to the latest version of the Linux kernel where this vulnerability has been fixed. The specific commit addressing this issue is available in the Linux stable tree.