Mitigate Baron SameEdit (CVE-2021-3156) vulnerability

rhel 6
access weakness #17

1

Weakness Breakdown


Definition:

An access weakness occurs when software does not properly implement permissions that could have unintended consequences if exploited by malicious actors. An example of this weakness is when a default username and password are set by the developer but do not get changed by the system administrator.

Warning code(s):

Ensure that umask is given most restrictive possible setting.

File Name:

Mesa-6.5.1/src/mesa/drivers/dri/r300/r300_fragprog.c

Context:

The highlighted line of code below is the trigger point of this particular Red Hat Enterprise Linux 6 access weakness.

 	
	/* Look for matches */
	for (i=0,csm=srcmask; i<3; i++,csm=csm<<1) {	
		/* If sources have been allocated in this position(s)... */
		if ((cs->slot[pos].umask & csm) == csm) {
			/* ... and the register number(s) match, re-use the
			   source */
			if (srcmask == SLOT_VECTOR &&
			    cs->slot[pos].vsrc[i] == reg)
				return i;
			if (srcmask == SLOT_SCALAR &&
			    cs->slot[pos].ssrc[i] == reg)
				return i;
			if (srcmask == SLOT_BOTH &&
			    cs->slot[pos].vsrc[i] == reg &&
			    cs->slot[pos].ssrc[i] == reg)
				return i;
		}
	}

	/* Look for free spaces */
	for (i=0,csm=srcmask; i<3; i++,csm=csm<<1) {
		/* If the position(s) haven't been allocated */
		if ((cs->slot[pos].umask & csm) == 0) {
			cs->slot[pos].umask |= csm;

			if (srcmask & SLOT_VECTOR)
				cs->slot[pos].vsrc[i] = reg;
			if (srcmask & SLOT_SCALAR)
				cs->slot[pos].ssrc[i] = reg;
			return i;
		}	
	}
	
	//ERROR("Failed to allocate sources in FPI1/FPI3!\n");
	return 0;
}

/* Determine whether or not to position opcode in the same ALU slot for both
 * vector and scalar portions of an instruction.
 *
 * It's not necessary to force the first case, but it makes disassembled
 * shaders easier to read.
 */
static GLboolean force_same_slot(int vop, int sop,
				 GLboolean emit_vop, GLboolean emit_sop,
				 int argc, pfs_reg_t *src)
{
	int i;
 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.