mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-02 07:04:24 +00:00
Code Issues Releases Wiki Activity
linux-stable/sound/usb
History
Hui Peng 19f74e4574 ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c 
commit 5f8cf71258 upstream.

If a USB sound card reports 0 interfaces, an error condition is triggered
and the function usb_audio_probe errors out. In the error path, there was a
use-after-free vulnerability where the memory object of the card was first
freed, followed by a decrement of the number of active chips. Moving the
decrement above the atomic_dec fixes the UAF.

[ The original problem was introduced in 3.1 kernel, while it was
  developed in a different form.  The Fixes tag below indicates the
  original commit but it doesn't mean that the patch is applicable
  cleanly. -- tiwai ]

Fixes: 362e4e49ab ("ALSA: usb-audio - clear chip->probing on error exit")
Reported-by: Hui Peng <benquike@gmail.com>
Reported-by: Mathias Payer <mathias.payer@nebelwelt.net>
Signed-off-by: Hui Peng <benquike@gmail.com>
Signed-off-by: Mathias Payer <mathias.payer@nebelwelt.net>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2018-12-13 09:18:51 +01:00
..
6fire ALSA: 6fire: Use common error handling code in usb6fire_chip_probe() 2017-09-07 10:29:35 +02:00
bcd2000 ALSA: bcd2000: Add a sanity check for invalid EPs 2018-02-25 11:07:48 +01:00
caiaq ALSA: caiaq: Add a sanity check for invalid EPs 2018-02-25 11:07:48 +01:00
hiface ALSA: usb: constify snd_pcm_ops structures 2017-08-19 11:02:27 +02:00
line6 ALSA: line6: Use correct endpoint type for midi output 2018-04-24 09:36:36 +02:00
misc ALSA: usb: constify snd_pcm_ops structures 2017-08-19 11:02:27 +02:00
usx2y ALSA: usx2y: Fix invalid stream URBs 2018-11-04 14:52:47 +01:00
card.c ALSA: usb-audio: Fix UAF decrement if card has no live interfaces in card.c 2018-12-13 09:18:51 +01:00
card.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
clock.c ALSA: usb-audio: Add sanity checks in v2 clock parsers 2017-11-30 08:40:48 +00:00
clock.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
debug.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
endpoint.c ALSA: usb-audio: test EP_FLAG_RUNNING at urb completion 2017-01-05 07:35:17 +01:00
endpoint.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
format.c ALSA: usb-audio: rmove print for failure of kmalloc 2016-08-22 11:41:02 +02:00
format.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
helper.c
helper.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
Kconfig ALSA: us122l: enable compile testing 2017-05-15 11:02:14 +02:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
midi.c ALSA: usb-audio: Put missing KERN_CONT prefix 2017-08-31 11:02:13 +02:00
midi.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mixer.c ALSA: usb: mixer: volume quirk for CM102-A+/102S+ 2018-05-22 18:53:55 +02:00
mixer.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mixer_maps.c ALSA: usb-audio: Skip broken EU on Dell dock USB-audio 2018-05-01 12:58:11 -07:00
mixer_quirks.c ALSA: usb-audio: Add mute TLV for playback volumes on C-Media devices 2017-08-17 17:52:16 +02:00
mixer_quirks.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mixer_scarlett.c ALSA: usb-audio: constify snd_kcontrol_new structures 2017-02-21 22:02:03 +01:00
mixer_scarlett.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mixer_us16x08.c ALSA: usb: Avoid VLA in mixer_us16x08.c 2017-05-31 08:46:19 +02:00
mixer_us16x08.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pcm.c ALSA: usb-audio: Apply rate limit to warning messages in URB complete callback 2018-08-03 07:50:33 +02:00
pcm.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
power.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
proc.c
proc.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
quirks-table.h ALSA: usb-audio: Fix multiple definitions in AU0828_DEVICE() macro 2018-09-26 08:37:59 +02:00
quirks.c ALSA: usb-audio: Add native DSD support for Luxman DA-06 2018-05-25 16:17:39 +02:00
quirks.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
stream.c ALSA: usb: Delete an error message for a failed memory allocation in two functions 2017-08-12 23:20:55 +02:00
stream.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
usbaudio.h