linux-stable

mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-09-16 07:35:14 +00:00

History

Lv Yunlong 481a76d474 misc/libmasm/module: Fix two use after free in ibmasm_init_one [ Upstream commit `7272b591c4` ] In ibmasm_init_one, it calls ibmasm_init_remote_input_dev(). Inside ibmasm_init_remote_input_dev, mouse_dev and keybd_dev are allocated by input_allocate_device(), and assigned to sp->remote.mouse_dev and sp->remote.keybd_dev respectively. In the err_free_devices error branch of ibmasm_init_one, mouse_dev and keybd_dev are freed by input_free_device(), and return error. Then the execution runs into error_send_message error branch of ibmasm_init_one, where ibmasm_free_remote_input_dev(sp) is called to unregister the freed sp->remote.mouse_dev and sp->remote.keybd_dev. My patch add a "error_init_remote" label to handle the error of ibmasm_init_remote_input_dev(), to avoid the uaf bugs. Signed-off-by: Lv Yunlong <lyl2019@mail.ustc.edu.cn> Link: https://lore.kernel.org/r/20210426170620.10546-1-lyl2019@mail.ustc.edu.cn Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> Signed-off-by: Sasha Levin <sashal@kernel.org>		2021-07-20 16:16:07 +02:00
..
altera-stapl
c2port
cardreader	misc: rtsx: init of rts522a add OCP power off when no card is present	2021-03-04 09:39:54 +01:00
cb710
cxl	cxl: Rework error message for incompatible slots	2020-11-05 11:08:34 +01:00
echo	misc: echo: Remove unnecessary parentheses and simplify check for zero	2020-04-17 10:48:55 +02:00
eeprom	eeprom: idt_89hpesx: Restore printing the unsupported fwnode name	2021-07-20 16:15:56 +02:00
genwqe
ibmasm	misc/libmasm/module: Fix two use after free in ibmasm_init_one	2021-07-20 16:16:07 +02:00
lis3lv02d	platform/x86: hp_accel: Avoid invoking _INI to speed up resume	2021-06-03 08:38:09 +02:00
lkdtm	lkdtm: don't move ctors to .rodata	2021-03-24 11:07:31 +01:00
mei	mei: request autosuspend after sending rx flow control	2021-06-03 08:38:04 +02:00
mic	misc: vop: add round_up(x,4) for vring_size to avoid kernel panic	2020-10-30 10:38:29 +01:00
ocxl
sgi-gru
sgi-xp
ti-st
vmw_vmci	misc: vmw_vmci: explicitly initialize vmci_datagram payload	2021-05-22 10:59:24 +02:00
ad525x_dpot-i2c.c
ad525x_dpot-spi.c
ad525x_dpot.c
ad525x_dpot.h
apds990x.c
apds9802als.c
aspeed-lpc-ctrl.c
aspeed-lpc-snoop.c	soc: aspeed: fix a ternary sign expansion bug	2021-05-22 10:59:32 +02:00
atmel-ssc.c	misc: atmel-ssc: lock with mutex instead of spinlock	2020-07-22 09:32:12 +02:00
atmel_tclib.c
bh1770glc.c
cs5535-mfgpt.c
ds1682.c
dummy-irq.c
enclosure.c
fsa9480.c
hmc6352.c
hpilo.c
hpilo.h
ibmvmc.c
ibmvmc.h
ics932s401.c
ioc4.c
isl29003.c
isl29020.c
Kconfig
kgdbts.c	kgdb: fix gcc-11 warnings harder	2021-06-03 08:38:04 +02:00
lattice-ecp3-config.c
Makefile
pch_phub.c	PCI: Move Rohm Vendor ID to generic list	2020-06-22 09:05:23 +02:00
pci_endpoint_test.c	PCI: Add Synopsys endpoint EDDA Device ID	2020-06-22 09:05:24 +02:00
phantom.c
pti.c
qcom-coincell.c
spear13xx_pcie_gadget.c
sram-exec.c
sram.c
sram.h
tifm_7xx1.c
tifm_core.c
tsl2550.c
vexpress-syscfg.c
vmw_balloon.c