CVE-2024-46837

In the Linux kernel, the following vulnerability has been resolved:<br /> <br /> drm/panthor: Restrict high priorities on group_create<br /> <br /> We were allowing any users to create a high priority group without any<br /> permission checks. As a result, this was allowing possible denial of<br /> service.<br /> <br /> We now only allow the DRM master or users with the CAP_SYS_NICE<br /> capability to set higher priorities than PANTHOR_GROUP_PRIORITY_MEDIUM.<br /> <br /> As the sole user of that uAPI lives in Mesa and hardcode a value of<br /> MEDIUM [1], this should be safe to do.<br /> <br /> Additionally, as those checks are performed at the ioctl level,<br /> panthor_group_create now only check for priority level validity.<br /> <br /> [1]https://gitlab.freedesktop.org/mesa/mesa/-/blob/f390835074bdf162a63deb0311d1a6de527f9f89/src/gallium/drivers/panfrost/pan_csf.c#L1038