CVE-2023-52930
Published: 27 March 2025
Description
Adversaries may exploit software vulnerabilities in an attempt to elevate privileges.
Security Summary
CVE-2023-52930 is a double-free vulnerability in the Linux kernel's drm/i915 driver, specifically affecting the handling of the bit_17 bitmask during tiling operations. The issue arises when userspace applications with multiple threads race to execute the I915_GEM_SET_TILING ioctl to set tiling to I915_TILING_NONE, potentially leading to a double free of the bitmask or, conversely, a memory leak during transitions to tiled modes. This flaw, classified under CWE-415, carries a CVSS v3.1 base score of 7.8 (AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).
A local attacker with low privileges can exploit this vulnerability by crafting a multithreaded userspace program that races the I915_GEM_SET_TILING ioctl calls. Successful exploitation could result in high-impact consequences, including arbitrary code execution, denial of service via kernel crashes, or memory corruption, due to the double-free enabling potential use-after-free attacks or memory leaks that disclose sensitive data.
The provided references point to stable kernel patch commits that resolve the issue by moving the allocation and freeing of the bit_17 bitmask inside the section protected by the object lock, preventing the race condition. These patches, cherry-picked from upstream commit 10e0cbaaf1104f449d695c80bcacf930dcd3c42e, have been backported to various stable kernel branches, with tags for stable release inclusion. Security practitioners should ensure systems with the Intel i915 driver are updated to kernels incorporating these fixes.
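The locking pattern behind that fix, as an added example (a simplified userspace model, not the i915 driver's code): a pthread mutex stands in for the object lock, and `struct gem_obj`, `set_tiling` and the `TILING_*` constants are hypothetical names. Four threads race the call and the counters confirm that every allocation is freed exactly once.

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdlib.h>

enum { TILING_NONE, TILING_X };            /* stand-ins for I915_TILING_* */
struct gem_obj {                           /* hypothetical, not the driver's struct */
    pthread_mutex_t lock;                  /* models the object lock */
    int tiling;
    unsigned long *bit_17;                 /* bitmask owned by the object */
};

static atomic_int allocs, frees;

/* Fixed ordering: the bitmask is allocated and freed while the lock is held,
 * so the "read pointer, free it, clear it" sequence cannot interleave. */
static void set_tiling(struct gem_obj *o, int mode)
{
    pthread_mutex_lock(&o->lock);
    o->tiling = mode;
    if (mode != TILING_NONE) {
        if (!o->bit_17) {                  /* allocate once: no leak on re-tiling */
            o->bit_17 = calloc(4, sizeof(*o->bit_17));
            if (o->bit_17) atomic_fetch_add(&allocs, 1);
        }
    } else if (o->bit_17) {
        free(o->bit_17);                   /* free once: pointer cleared under lock */
        o->bit_17 = NULL;
        atomic_fetch_add(&frees, 1);
    }
    pthread_mutex_unlock(&o->lock);        /* pre-fix, the bitmask code ran outside the locked section */
}

static void *worker(void *arg)
{
    for (int i = 0; i < 20000; i++)
        set_tiling(arg, i & 1 ? TILING_X : TILING_NONE);
    return NULL;
}

/* Races four threads over one object; returns allocations not yet freed. */
int outstanding_after_race(void)
{
    struct gem_obj o = { PTHREAD_MUTEX_INITIALIZER, TILING_NONE, NULL };
    pthread_t t[4];
    for (int i = 0; i < 4; i++) pthread_create(&t[i], NULL, worker, &o);
    for (int i = 0; i < 4; i++) pthread_join(t[i], NULL);
    set_tiling(&o, TILING_NONE);           /* final release */
    return atomic_load(&allocs) - atomic_load(&frees);
}
```

Building the model with `-fsanitize=address` or `-fsanitize=thread` gives an additional check that no double free or data race remains.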
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
This is a local kernel double-free vulnerability in the i915 driver, exploitable by a low-privileged attacker through a userspace ioctl race condition, and it directly enables arbitrary code execution and privilege escalation.