Arm Mali CSF kbase_kcpu_command_queue Use-After-Free
kbase_csf_kcpu_queue_enqueue() locks the kctx->csf.kcpu_queues, looks
up a pointer from inside that structure, then drops the lock before
continuing to use the kbase_kcpu_command_queue that was looked up. This is
a classic use-after-free pattern, where the lookup of a pointer is
protected but the protective lock is then released without first acquiring
any other lock or reference to keep the referenced object alive.
https://packetstormsecurity.com/files/171135/GS20230227151433.tgz
Mon, 27 Feb 2023 15:15:36 GMT
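The lifetime rule the description refers to, as an added example (not the Mali driver's code and not from the original advisory): a lookup takes a reference while the table lock is still held, so the object outlives a concurrent delete. All names here (queue_get, queue_put, table_lock and so on) are hypothetical, and a user-space pthread mutex stands in for the kernel lock.

```c
#include <pthread.h>
#include <stdlib.h>
#define MAX_QUEUES 4
struct queue { int refs; int pending; };   /* refs is guarded by table_lock */
static pthread_mutex_t table_lock = PTHREAD_MUTEX_INITIALIZER;
static struct queue *table[MAX_QUEUES];

static int queue_create(unsigned id) {
    struct queue *q = calloc(1, sizeof *q);
    if (!q) return -1;
    q->refs = 1;                            /* the table's own reference */
    pthread_mutex_lock(&table_lock);
    int ok = id < MAX_QUEUES && !table[id];
    if (ok) table[id] = q; else free(q);
    pthread_mutex_unlock(&table_lock);
    return ok ? 0 : -1;
}
/* Lookup that pins the object BEFORE the lock is dropped. */
static struct queue *queue_get(unsigned id) {
    pthread_mutex_lock(&table_lock);
    struct queue *q = id < MAX_QUEUES ? table[id] : NULL;
    if (q) q->refs++;
    pthread_mutex_unlock(&table_lock);
    return q;
}
/* Drop one reference; returns 1 if this call freed the object. */
static int queue_put(struct queue *q) {
    pthread_mutex_lock(&table_lock);
    int last = (--q->refs == 0);
    pthread_mutex_unlock(&table_lock);
    if (last) free(q);
    return last;
}
/* Delete: unpublish under the lock, then drop the table's reference. */
static int queue_delete(unsigned id) {
    pthread_mutex_lock(&table_lock);
    struct queue *q = id < MAX_QUEUES ? table[id] : NULL;
    if (q) table[id] = NULL;
    pthread_mutex_unlock(&table_lock);
    return q ? queue_put(q) : -1;
}
/* Enqueue path: q stays valid after the unlock only because of queue_get(). */
static int queue_enqueue(unsigned id) {
    struct queue *q = queue_get(id);
    if (!q) return -1;
    int n = ++q->pending;   /* demo only: real code needs a per-queue lock here */
    queue_put(q);
    return n;
}
```

The flawed pattern corresponds to returning the bare pointer from the lookup without the `refs++`, which lets a delete on another thread free the object while the enqueue path is still using it.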