mirrors
/
linux-stable
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git
1
0
Fork 0
Code Issues Releases Wiki Activity
1,222,138 Commits 103 Branches 5,015 Tags 5.4 GiB
C 97.6%
Assembly 1%
Shell 0.5%
Python 0.3%
Makefile 0.3%
Go to file
Zhipeng Lu 779e8db7ef media: edia: dvbdev: fix a use-after-free 
[ Upstream commit 8c64f4cdf4 ]

In dvb_register_device, *pdvbdev is set equal to dvbdev, which is freed
in several error-handling paths. However, *pdvbdev is not set to NULL
after dvbdev's deallocation, causing use-after-frees in many places,
for example, in the following call chain:

budget_register
  |-> dvb_dmxdev_init
        |-> dvb_register_device
  |-> dvb_dmxdev_release
        |-> dvb_unregister_device
              |-> dvb_remove_device
                    |-> dvb_device_put
                          |-> kref_put

When calling dvb_unregister_device, dmxdev->dvbdev (i.e. *pdvbdev in
dvb_register_device) could point to memory that had been freed in
dvb_register_device. Thereafter, this pointer is transferred to
kref_put and triggering a use-after-free.

Link: https://lore.kernel.org/linux-media/20240203134046.3120099-1-alexious@zju.edu.cn
Fixes: b619010247 ("V4L/DVB (5244): Dvbdev: fix illegal re-usage of fileoperations struct")
Signed-off-by: Zhipeng Lu <alexious@zju.edu.cn>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
Signed-off-by: Sasha Levin <sashal@kernel.org>
 		2024-03-26 18:19:45 -04:00
Documentation ovl: add support for appending lowerdirs one by one 2024-03-26 18:19:18 -04:00
LICENSES LICENSES: Add the copyleft-next-0.3.1 license 2022-11-08 15:44:01 +01:00
arch s390/cache: prevent rebuild of shared_cpu_list 2024-03-26 18:19:38 -04:00
block block: Provide bdev_open_* functions 2024-03-26 18:19:40 -04:00
certs certs: Reference revocation list for all keyrings 2023-08-17 20:12:41 +00:00
crypto crypto: algif_hash - Remove bogus SGL free on zero-length error path 2024-02-23 09:25:11 +01:00
drivers media: edia: dvbdev: fix a use-after-free 2024-03-26 18:19:45 -04:00
fs erofs: fix lockdep false positives on initializing erofs_pseudo_mnt 2024-03-26 18:19:40 -04:00
include drm: Don't treat 0 as -1 in drm_fixp2int_ceil 2024-03-26 18:19:42 -04:00
init update workarounds for gcc "asm goto" issue 2024-02-23 09:24:47 +01:00
io_uring io_uring/net: fix overflow check in io_recvmsg_mshot_prep() 2024-03-26 18:19:18 -04:00
ipc Add x86 shadow stack support 2023-08-31 12:20:12 -07:00
kernel bpf: hardcode BPF_PROG_PACK_SIZE to 2MB * num_possible_nodes() 2024-03-26 18:19:41 -04:00
lib net: blackhole_dev: fix build warning for ethh set but not used 2024-03-26 18:19:26 -04:00
mm readahead: avoid multiple marked readahead pages 2024-03-15 10:48:21 -04:00
net net/x25: fix incorrect parameter validation in the x25_getsockopt() function 2024-03-26 18:19:41 -04:00
rust rust: upgrade to Rust 1.73.0 2024-02-16 19:10:43 +01:00
samples work around gcc bugs with 'asm goto' with outputs 2024-02-23 09:24:47 +01:00
scripts gen_compile_commands: fix invalid escape sequence warning 2024-03-26 18:19:11 -04:00
security landlock: Fix asymmetric private inodes referring 2024-03-06 14:48:39 +00:00
sound ASoC: sh: rz-ssi: Fix error message print 2024-03-26 18:19:44 -04:00
tools perf bpf: Clean up the generated/copied vmlinux.h 2024-03-26 18:19:45 -04:00
usr initramfs: Encode dependency on KBUILD_BUILD_TIMESTAMP 2023-06-06 17:54:49 +09:00
virt ARM: 2023-09-07 13:52:20 -07:00
.clang-format iommu: Add for_each_group_device() 2023-05-23 08:15:51 +02:00
.cocciconfig
.get_maintainer.ignore get_maintainer: add Alan to .get_maintainer.ignore 2022-08-20 15:17:44 -07:00
.gitattributes .gitattributes: set diff driver for Rust source code files 2023-05-31 17:48:25 +02:00
.gitignore kbuild: rpm-pkg: rename binkernel.spec to kernel.spec 2023-07-25 00:59:33 +09:00
.mailmap 20 hotfixes. 12 are cc:stable and the remainder address post-6.5 issues 2023-10-24 09:52:16 -10:00
.rustfmt.toml rust: add `.rustfmt.toml` 2022-09-28 09:02:20 +02:00
COPYING COPYING: state that all contributions really are covered by this file 2020-02-10 13:32:20 -08:00
CREDITS USB: Remove Wireless USB and UWB documentation 2023-08-09 14:17:32 +02:00
Kbuild Kbuild updates for v6.1 2022-10-10 12:00:45 -07:00
Kconfig kbuild: ensure full rebuild when the compiler is updated 2020-05-12 13:28:33 +09:00
MAINTAINERS MAINTAINERS: add Catherine as xfs maintainer for 6.6.y 2024-02-16 19:10:43 +01:00
Makefile Linux 6.6.22 2024-03-15 14:25:07 -04:00
README Drop all 00-INDEX files from Documentation/ 2018-09-09 15:08:58 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.