Linux DRM Race Condition / Use-After-Free

Linux has an issue where drmfileupdatepid calls getpid too late, which creates a race condition that can lead to use-after-free of a struct pid. I am sending this to security@ and to the drm-misc maintainers - based on...

CVE-2024-39486

In the Linux kernel, the following vulnerability has been resolved: drm/drmfile: Fix pid refcounting race , Maxime Ripard , Thomas Zimmermann filp-pid is supposed to be a refcounted pointer; however, before this patch, drmfileupdatepid only increments the refcount of a struct pid after storing a...