Description: Intel Gen9 Graphics Privilege Escalation
References:
Notes:
 bwh> The blitter on Intel gen9 GPUs is
 bwh> missing an expected security check on commands.  This can be
 bwh> triggered by local users that can submit commands to the GPU.
 bwh> The i915 driver will need to check them before submitting to hw.
Bugs:
upstream: released (5.4-rc8) [0a2f661b6c21815a7fa60e30babe975fee8e73c6, 44157641d448cbc0c4b73c5231d2b911f0cb0427, 66d8aba1cd6db34af10de465c0d52af679288cb6, 311a50e76a33d1e029563c24b2ff6db0c02b5afe, 4f7af1948abcb18b4772fe1bcd84d7d27d96258c, 435e8fc059dbe0eec823a75c22da2972390ba9e0, 0f2f39758341df70202ae1c42d5a1e4ee392b6d3, 0546a29cd884fb8184731c79ab008927ca8859d0, f8c08d8faee5567803c8c533865296ca30286bbf, 926abff21a8f29ef159a3ac893b05c6e50e043c3, ea0b163b13ffc52818c079adb00d55e227a6da6f]
4.19-upstream-stable: released (4.19.84) [b4b1abdc6b181cb78a072b95557ae392d423c3eb, f1ff77080fa1828dfd67b3082053da1fbb80dfff, fba4207cf15e462c8b388bde1dabb1b64eca21b0, fc3510fe6f6bcee80279238daf1c5de4d6570210, 7ce726b61c577344655436d6bf49a13e911b6f0a, fea688c5dd8197fe1ad14a5a2596fee36f993bb8, cdd77c6b4be41d35000611e2dc9a17a3db808976, f27bc2b5950dccac563706a764aa0c2d387db8e9, 6e53c71a69138059c8a4dcd1f9a2967c85fede64, a7bda639a17fe92b66b8bb28e81b558cb8678c85, fee619bb813648ea90bf024171acfaaec2f031fc]
4.9-upstream-stable: released (4.9.201) [64003d092ec9b9ecf03984513aee106c15b411e7, 52306d4210bce70455ab80a598e1658a41ec569e, 44f0f8d44b3771270657bc7b2372d995350752d4, 943ccd0cc6c6febe23018776e65a3a56aea9968c, 9f5fb6f2e59e65d51e8b77a4f958db4c8c1a51ac, 05e5cf18ae4189c0a13dc1e704c78bed79a1b0f9, a6ba2df10d64d6d113ac3e033e3c4b80a3febd66, 81848cc9c57295e05c8ba81fa2b2b4b8a3962c3c, a7a1a3e368b5f42e75e14da66c6c9f9825d3217c, bd671d06b6232107943ec93cf587aa00ece495af, 139bb57b355ed8bef2dc619ea9e63923c245557a]
3.16-upstream-stable: N/A "Driver doesn't support this hardware"
sid: released (5.3.9-2) [bugfix/x86/i915/0001-drm-i915-Rename-gen7-cmdparser-tables.patch, bugfix/x86/i915/0002-drm-i915-Disable-Secure-Batches-for-gen6.patch, bugfix/x86/i915/0003-drm-i915-Remove-Master-tables-from-cmdparser.patch, bugfix/x86/i915/0004-drm-i915-Add-support-for-mandatory-cmdparsing.patch, bugfix/x86/i915/0005-drm-i915-Support-ro-ppgtt-mapped-cmdparser-shadow-bu.patch, bugfix/x86/i915/0006-drm-i915-Allow-parsing-of-unsized-batches.patch, bugfix/x86/i915/0007-drm-i915-Add-gen9-BCS-cmdparsing.patch, bugfix/x86/i915/0008-drm-i915-cmdparser-Use-explicit-goto-for-error-paths.patch, bugfix/x86/i915/0009-drm-i915-cmdparser-Add-support-for-backward-jumps.patch, bugfix/x86/i915/0010-drm-i915-cmdparser-Ignore-Length-operands-during-com.patch, bugfix/x86/i915/drm-i915-cmdparser-fix-jump-whitelist-clearing.patch]
4.19-buster-security: released (4.19.67-2+deb10u2) [bugfix/x86/i915/0001-drm-i915-Rename-gen7-cmdparser-tables.patch, bugfix/x86/i915/0002-drm-i915-Disable-Secure-Batches-for-gen6.patch, bugfix/x86/i915/0003-drm-i915-Remove-Master-tables-from-cmdparser.patch, bugfix/x86/i915/0004-drm-i915-Add-support-for-mandatory-cmdparsing.patch, bugfix/x86/i915/0005-drm-i915-Support-ro-ppgtt-mapped-cmdparser-shadow-bu.patch, bugfix/x86/i915/0006-drm-i915-Allow-parsing-of-unsized-batches.patch, bugfix/x86/i915/0007-drm-i915-Add-gen9-BCS-cmdparsing.patch, bugfix/x86/i915/0008-drm-i915-cmdparser-Use-explicit-goto-for-error-paths.patch, bugfix/x86/i915/0009-drm-i915-cmdparser-Add-support-for-backward-jumps.patch, bugfix/x86/i915/0010-drm-i915-cmdparser-Ignore-Length-operands-during-com.patch, bugfix/x86/i915/drm-i915-cmdparser-fix-jump-whitelist-clearing.patch]
4.9-stretch-security: released (4.9.189-3+deb9u2) [bugfix/x86/i915/0001-drm-i915-Rename-gen7-cmdparser-tables.patch, bugfix/x86/i915/0002-drm-i915-Disable-Secure-Batches-for-gen6.patch, bugfix/x86/i915/0003-drm-i915-Remove-Master-tables-from-cmdparser.patch, bugfix/x86/i915/0004-drm-i915-Add-support-for-mandatory-cmdparsing.patch, bugfix/x86/i915/0005-drm-i915-Support-ro-ppgtt-mapped-cmdparser-shadow-bu.patch, bugfix/x86/i915/0006-drm-i915-Allow-parsing-of-unsized-batches.patch, bugfix/x86/i915/0007-drm-i915-Add-gen9-BCS-cmdparsing.patch, bugfix/x86/i915/0008-drm-i915-cmdparser-Use-explicit-goto-for-error-paths.patch, bugfix/x86/i915/0009-drm-i915-cmdparser-Add-support-for-backward-jumps.patch, bugfix/x86/i915/0010-drm-i915-cmdparser-Ignore-Length-operands-during-com.patch, bugfix/x86/i915/drm-i915-cmdparser-fix-jump-whitelist-clearing.patch]
3.16-jessie-security: N/A "Driver doesn't support this hardware"