3 matches found
kernel: QXL: race condition leading to use-after-free in qxl_mode_dumb_create()
A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigge...
kernel: QXL: race condition leading to use-after-free in qxl_mode_dumb_create()
A race condition was found in the QXL driver in the Linux kernel. The qxl_mode_dumb_create() function dereferences the qobj returned by qxl_gem_object_create_with_handle(), but the handle is the only one holding a reference to it. This flaw allows an attacker to guess the returned handle value and trigge...
Kernel: qxl: race condition leading to use-after-free in qxl_mode_dumb_create()
...