CVE-2021-47280

Severity CVSS v4.0: Pending analysis
Type: Unavailable / Other
Publication date: 21/05/2024
Last modified: 24/12/2024

Description

In the Linux kernel, the following vulnerability has been resolved:

drm: Fix use-after-free read in drm_getunique()

There is a time-of-check-to-time-of-use error in drm_getunique() due to retrieving file_priv->master prior to locking the device's master mutex.

An example can be seen in the crash report of the use-after-free error found by Syzbot:
https://syzkaller.appspot.com/bug?id=148d2f1dfac64af52ffd27b661981a540724f803

In the report, the master pointer was used after being freed. This is because another process had acquired the device's master mutex in drm_setmaster_ioctl(), then overwrote fpriv->master in drm_new_set_master(). The old value of fpriv->master was subsequently freed before the mutex was unlocked.

To fix this, we lock the device's master mutex before retrieving the pointer from fpriv->master. This patch passes the Syzbot reproducer test.
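
The lock ordering described above, as an added user-space model (not kernel code and not part of the original patch). The struct layouts, the `pool` array, the `freed` flag standing in for the kernel free, and the function names `set_master` and `getunique_model` are assumptions; the second task is simulated by a direct call inside the window so the outcome is deterministic.

```c
#include <pthread.h>
#include <stdio.h>

/* User-space model only: struct layouts and function names are assumptions. */
struct master { const char *unique; int freed; };  /* freed stands in for kfree() */
struct file_priv { struct master *master; };
struct device { pthread_mutex_t master_mutex; };

static struct master pool[2];

/* Models drm_setmaster_ioctl() -> drm_new_set_master(): under the master
 * mutex, overwrite fpriv->master and release the old object. */
static void set_master(struct device *dev, struct file_priv *fp)
{
    pthread_mutex_lock(&dev->master_mutex);
    struct master *old = fp->master;
    fp->master = &pool[1];
    old->freed = 1;
    pthread_mutex_unlock(&dev->master_mutex);
}

/* fixed == 0: pointer fetched before locking (the ordering the advisory describes).
 * fixed == 1: pointer fetched after locking (the ordering of the fix).
 * Returns 1 if the object that was read had already been released. */
static int getunique_model(int fixed)
{
    struct device dev = { PTHREAD_MUTEX_INITIALIZER };
    struct file_priv fp = { &pool[0] };
    struct master *m = NULL;
    pool[0] = (struct master){ "old", 0 };
    pool[1] = (struct master){ "new", 0 };

    if (!fixed)
        m = fp.master;              /* time of check, lock not held */
    set_master(&dev, &fp);          /* simulated second task runs here */
    pthread_mutex_lock(&dev.master_mutex);
    if (fixed)
        m = fp.master;              /* read is serialized with set_master() */
    int stale = m->freed;           /* time of use */
    pthread_mutex_unlock(&dev.master_mutex);
    return stale;
}

int main(void)
{
    printf("pointer read before lock: stale=%d\n", getunique_model(0));
    printf("pointer read after lock:  stale=%d\n", getunique_model(1));
    return 0;
}
```

Holding the mutex while using the pointer is not enough on its own: the pointer must also be loaded while the mutex is held, otherwise the locked section operates on a value captured outside it.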

Vulnerable products and versions

| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:linux:linux_kernel:\*:\*:\*:\*:\*:\*:\*:\* | | 4.14.237 (excluding) |
| cpe:2.3:o:linux:linux_kernel:\*:\*:\*:\*:\*:\*:\*:\* | 4.15 (including) | 4.19.195 (excluding) |
| cpe:2.3:o:linux:linux_kernel:\*:\*:\*:\*:\*:\*:\*:\* | 4.20 (including) | 5.4.126 (excluding) |
| cpe:2.3:o:linux:linux_kernel:\*:\*:\*:\*:\*:\*:\*:\* | 5.5 (including) | 5.10.44 (excluding) |
| cpe:2.3:o:linux:linux_kernel:\*:\*:\*:\*:\*:\*:\*:\* | 5.11 (including) | 5.12.11 (excluding) |
| cpe:2.3:o:linux:linux_kernel:5.13:rc1:\*:\*:\*:\*:\*:\* | | |
| cpe:2.3:o:linux:linux_kernel:5.13:rc2:\*:\*:\*:\*:\*:\* | | |
| cpe:2.3:o:linux:linux_kernel:5.13:rc3:\*:\*:\*:\*:\*:\* | | |
| cpe:2.3:o:linux:linux_kernel:5.13:rc4:\*:\*:\*:\*:\*:\* | | |
| cpe:2.3:o:linux:linux_kernel:5.13:rc5:\*:\*:\*:\*:\*:\* | | |