anolis-cloud-kernel/drivers/media
Ricardo B. Marliere 8d56d12294 media: pvrusb2: fix use after free on context disconnection
ANBZ: #8555

commit ded85b0c0e upstream.

Upon module load, a kthread is created targeting the
pvr2_context_thread_func function, which may call pvr2_context_destroy
and thus call kfree() on the context object. However, that might happen
before the usb hub_event handler is able to notify the driver. This
patch adds a sanity check before the invalid read reported by syzbot,
within the context disconnection call stack.

Reported-and-tested-by: syzbot+621409285c4156a009b3@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/all/000000000000a02a4205fff8eb92@google.com/

Fixes: e5be15c638 ("V4L/DVB (7711): pvrusb2: Fix race on module unload")
Signed-off-by: Ricardo B. Marliere <ricardo@marliere.net>
Acked-by: Mike Isely <isely@pobox.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>

Fixes: CVE-2023-52445
Signed-off-by: Xiao Long <xiaolong@openanolis.org>
Signed-off-by: Qinyun Tan <qinyuntan@linux.alibaba.com>
Reviewed-by: Xunlei Pang <xlpang@linux.alibaba.com>
Link: https://gitee.com/anolis/cloud-kernel/pulls/3021
2024-05-22 12:03:38 +00:00
cec media: cec: report Vendor ID after initialization 2019-12-13 08:51:38 +01:00
common media: videobuf2-dma-sg: Prevent size from overflowing 2019-07-26 09:14:24 +02:00
dvb-core media: dvb-core: Fix kernel WARNING for blocking operation in wait_event*() 2023-07-24 07:00:35 +00:00
dvb-frontends media: dvb-frontends: use ida for pll number 2019-10-05 13:09:46 +02:00
firewire media: firewire: Fix app_info parameter type in avc_ca{,_app}_info 2019-01-26 09:32:37 +01:00
i2c media: ov13858: Check for possible null pointer 2019-12-01 09:17:18 +01:00
mmc media: siano: use GFP_DMA only for smssdio 2018-05-15 08:04:42 -04:00
pci media: saa7134: fix use after free bug in saa7134_finidev due to race condition 2024-01-10 07:53:41 +00:00
platform media: vivid: dev->bitmap_cap wasn't freed in all cases 2024-01-10 07:54:24 +00:00
radio media: si470x: Fix use-after-free in si470x_int_in_callback() 2023-04-18 07:30:12 +00:00
rc bpf: media: properly use bpf_prog_array api 2024-01-16 11:26:12 +00:00
spi media: cxd2880-spi: fix probe when dvb_attach fails 2019-12-13 08:52:23 +01:00
tuners Merge branch 'i2c/for-4.19' of git://git.kernel.org/pub/scm/linux/kernel/git/wsa/linux 2018-08-21 17:40:46 -07:00
usb media: pvrusb2: fix use after free on context disconnection 2024-05-22 12:03:38 +00:00
v4l2-core media: v4l2-mem2mem: Apply DST_QUEUE_OFF_BASE on MMAP buffers across ioctls 2022-12-02 05:58:26 +00:00
Kconfig media: cec: Kconfig coding style issue 2018-05-09 16:26:50 -04:00
Makefile
media-device.c media: mc-device.c: don't memset __user pointer contents 2019-07-26 09:14:02 +02:00
media-devnode.c MAINTAINERS & files: Canonize the e-mails I use at files 2018-05-04 06:21:06 -04:00
media-entity.c media: media.h: reorganize header to make it easier to understand 2018-02-26 10:14:46 -05:00