mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-08-23 09:19:51 +00:00
Code Issues Releases Wiki Activity
linux-stable/sound/usb
History
Zheyu Ma 4fc41f7ebb ALSA: bcd2000: Fix a UAF bug on the error path of probing 
commit ffb2759df7 upstream.

When the driver fails in snd_card_register() at probe time, it will free
the 'bcd2k->midi_out_urb' before killing it, which may cause a UAF bug.

The following log can reveal it:

[   50.727020] BUG: KASAN: use-after-free in bcd2000_input_complete+0x1f1/0x2e0 [snd_bcd2000]
[   50.727623] Read of size 8 at addr ffff88810fab0e88 by task swapper/4/0
[   50.729530] Call Trace:
[   50.732899]  bcd2000_input_complete+0x1f1/0x2e0 [snd_bcd2000]

Fix this by adding usb_kill_urb() before usb_free_urb().

Fixes: b47a22290d ("ALSA: MIDI driver for Behringer BCD2000 USB device")
Signed-off-by: Zheyu Ma <zheyuma97@gmail.com>
Cc: <stable@vger.kernel.org>
Link: https://lore.kernel.org/r/20220715010515.2087925-1-zheyuma97@gmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-08-25 11:11:10 +02:00
..
6fire ALSA: 6fire: fix control and bulk message timeouts 2021-11-26 11:40:21 +01:00
bcd2000 ALSA: bcd2000: Fix a UAF bug on the error path of probing 2022-08-25 11:11:10 +02:00
caiaq ALSA: caiaq: Add a sanity check for invalid EPs 2018-02-25 11:07:48 +01:00
hiface ALSA: usb: constify snd_pcm_ops structures 2017-08-19 11:02:27 +02:00
line6 ALSA: line6: fix control and interrupt message timeouts 2021-11-26 11:40:21 +01:00
misc ALSA: ua101: fix division by zero at probe 2021-11-26 11:40:21 +01:00
usx2y ALSA: usx2y: Fix potential NULL dereference 2020-05-02 17:24:22 +02:00
card.c ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls 2021-05-22 10:57:32 +02:00
card.h ALSA: usb-audio: work around streaming quirk for MacroSilicon MS2109 2020-08-21 09:48:15 +02:00
clock.c ALSA: usb-audio: Disable sample read check if firmware doesn't give back 2020-12-29 13:47:05 +01:00
clock.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
debug.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
endpoint.c Revert "ALSA: usb-audio: Improve frames size computation" 2020-07-09 09:36:32 +02:00
endpoint.h Revert "ALSA: usb-audio: Improve frames size computation" 2020-07-09 09:36:32 +02:00
format.c ALSA: usb-audio: fix rate on Ozone Z90 USB headset 2021-07-20 16:17:27 +02:00
format.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
helper.c ALSA: usb-audio: correct speed checking 2016-05-08 11:42:04 +02:00
helper.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
Kconfig ALSA: us122l: enable compile testing 2017-05-15 11:02:14 +02:00
Makefile License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
midi.c ALSA: usb-audio: Clear MIDI port active flag after draining 2022-04-27 13:15:29 +02:00
midi.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mixer.c ALSA: usb-audio: Fix OOB access of mixer element list 2020-06-30 15:38:02 -04:00
mixer.h ALSA: usb-audio: Fix OOB access of mixer element list 2020-06-30 15:38:02 -04:00
mixer_maps.c ALSA: usb-audio: Add mixer workaround for TRX40 and co 2020-04-24 08:00:33 +02:00
mixer_quirks.c ALSA: usb-audio: Add mute TLV for playback volumes on RODE NT-USB 2022-03-28 08:22:27 +02:00
mixer_quirks.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mixer_scarlett.c ALSA: usb-audio: Clean up mixer element list traverse 2020-06-30 15:38:02 -04:00
mixer_scarlett.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
mixer_us16x08.c ALSA: usb-audio: US16x08: fix value count for level meters 2020-12-08 10:17:34 +01:00
mixer_us16x08.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
pcm.c ALSA: usb-audio: fix sync-ep altsetting sanity check 2021-01-09 13:37:36 +01:00
pcm.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
power.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
proc.c
proc.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
quirks-table.h ALSA: usb-audio: Provide quirk for Sennheiser GSP670 Headset 2021-10-27 09:51:40 +02:00
quirks.c ALSA: usb-audio: Add error checks for usb_driver_claim_interface() calls 2021-05-22 10:57:32 +02:00
quirks.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
stream.c ALSA: usb-audio: Fix control 'access overflow' errors from chmap 2020-12-29 13:46:46 +01:00
stream.h License cleanup: add SPDX GPL-2.0 license identifier to files with no license 2017-11-02 11:10:55 +01:00
usbaudio.h ALSA: usb-audio: Fix undefined behavior due to shift overflowing the constant 2022-04-27 13:15:30 +02:00