CVE-2026-43287
Memory Accounting Bypass in Linux Kernel DRM
Publication date: 2026-05-08
Last updated on: 2026-05-08
Assigner: kernel.org
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| linux | linux_kernel | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Linux kernel's DRM subsystem, specifically related to the DRM_IOCTL_MODE_CREATEPROPBLOB ioctl call. It allows userspace programs to allocate property blobs of arbitrary size backed by kernel memory.
The issue is that the allocated blob data is not accounted to the memory cgroup (memcg) of the allocating process. As a result, unprivileged users can cause the kernel to consume an unlimited amount of memory, because no cgroup memory limit applies to these allocations.
The fix involves marking the property blob data allocation with GFP_KERNEL_ACCOUNT so that the memory usage is correctly charged to the caller's memory cgroup. This ensures that existing memory limits apply and prevents uncontrolled kernel memory growth.
How can this vulnerability impact me?
This vulnerability can allow an unprivileged user to trigger unbounded kernel memory consumption by allocating large property blobs without memory accounting.
As a result, this can lead to system-wide out-of-memory (OOM) conditions, potentially causing system instability, crashes, or denial of service.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, update your Linux kernel to a version that includes the fix "drm: Account property blob allocations to memcg".
The fix involves marking the property blob data allocation with GFP_KERNEL_ACCOUNT so that memory is properly charged to the caller's memory cgroup, enforcing existing cgroup memory limits and preventing uncontrolled kernel memory growth.
Therefore, applying the latest kernel patches or upgrading to a fixed kernel version is the immediate step to prevent unprivileged users from causing unbounded kernel memory consumption and potential system-wide out-of-memory conditions.
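The fix only bounds blob allocations where a memory cgroup limit is actually configured for the calling process. The script below is an added example, not code from this page or from the kernel; it reports the effective limit for a PID. It assumes cgroup v2 mounted at /sys/fs/cgroup, and its function names are hypothetical.

```sh
#!/bin/sh
# Added example: report the effective cgroup v2 memory limit for a process.
# Assumes the unified hierarchy (cgroup v2) is mounted at /sys/fs/cgroup.
# Function names are hypothetical, chosen for this example.

# effective_memory_max CGROUP_ROOT REL_PATH
# Walks from REL_PATH up towards the root and prints the smallest numeric
# memory.max found, or "max" when no level sets a limit.
effective_memory_max() {
    root=$1
    path=$2
    best=max
    while [ -n "$path" ] && [ "$path" != "/" ]; do
        f="$root$path/memory.max"
        if [ -r "$f" ]; then
            v=$(cat "$f")
            if [ "$v" != "max" ]; then
                if [ "$best" = "max" ] || [ "$v" -lt "$best" ]; then
                    best=$v
                fi
            fi
        fi
        path=${path%/*}   # drop the last path component
    done
    printf '%s\n' "$best"
}

# pid_memory_limit PID [PROC_ROOT] [CGROUP_ROOT]
# Reads the "0::<path>" line of /proc/PID/cgroup and resolves its limit.
pid_memory_limit() {
    proc_root=${2:-/proc}
    cg_root=${3:-/sys/fs/cgroup}
    rel=$(sed -n 's/^0:://p' "$proc_root/$1/cgroup" | head -n 1)
    effective_memory_max "$cg_root" "$rel"
}

# Usage: sh memcg_limit.sh PID...
if [ "$#" -gt 0 ]; then
    for pid in "$@"; do
        printf '%s %s\n' "$pid" "$(pid_memory_limit "$pid")"
    done
fi
```

A result of "max" means no ancestor cgroup sets memory.max, so charged allocations from that process are still limited only by total system memory.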