CVE-2019-12881

Name of the Vulnerable Software and Affected Versions Linux kernel version 4.15.0

Description The issue allows local users to cause a denial of service or possibly have other unspecified impacts. This is achieved through crafted ioctl calls to /dev/dri/card0, leveraging the i915 gem userptr get pages function in the drivers/gpu/drm/i915/i915 gem userptr.c file. The impact includes a NULL pointer dereference and a BUG.

Recommendations For Linux kernel version 4.15.0, consider disabling the i915 gem userptr get pages function as a temporary workaround until a patch is available. Restrict access to the /dev/dri/card0 device file to minimize the risk of exploitation. Avoid using crafted ioctl calls to /dev/dri/card0 until the issue is resolved.