mirrors/linux-stable
1
0
Fork 0
mirror of https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git synced 2024-10-05 16:37:50 +00:00
Code Issues Releases Wiki Activity
linux-stable/drivers
History
Mazin Al Haddad f16c6d2e58 tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf() 
A null pointer dereference can happen when attempting to access the
"gsm->receive()" function in gsmld_receive_buf(). Currently, the code
assumes that gsm->recieve is only called after MUX activation.
Since the gsmld_receive_buf() function can be accessed without the need to
initialize the MUX, the gsm->receive() function will not be set and a
NULL pointer dereference will occur.

Fix this by avoiding the call to "gsm->receive()" in case the function is
not initialized by adding a sanity check.

Call Trace:
 <TASK>
 gsmld_receive_buf+0x1c2/0x2f0 drivers/tty/n_gsm.c:2861
 tiocsti drivers/tty/tty_io.c:2293 [inline]
 tty_ioctl+0xa75/0x15d0 drivers/tty/tty_io.c:2692
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:870 [inline]
 __se_sys_ioctl fs/ioctl.c:856 [inline]
 __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:856
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Link: https://syzkaller.appspot.com/bug?id=bdf035c61447f8c6e0e6920315d577cb5cc35ac5
Fixes: 01aecd9171 ("tty: n_gsm: fix tty registration before control channel open")
Cc: stable <stable@kernel.org>
Reported-and-tested-by: syzbot+e3563f0c94e188366dbb@syzkaller.appspotmail.com
Signed-off-by: Mazin Al Haddad <mazinalhaddad05@gmail.com>
Link: https://lore.kernel.org/r/20220814015211.84180-1-mazinalhaddad05@gmail.com
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2022-08-30 14:34:36 +02:00
..
accessibility TTY / Serial driver changes for 6.0-rc1 2022-08-08 11:31:40 -07:00
acpi More ACPI updates for 5.20-rc1 2022-08-11 13:26:09 -07:00
amba
android
ata
atm atm: idt77252: fix use-after-free bugs caused by tst_timer 2022-08-08 20:51:59 -07:00
auxdisplay
base
bcma
block xen: branch for v6.0-rc1b 2022-08-14 09:28:54 -07:00
bluetooth
bus
cdrom
char
clk
clocksource RISC-V: Add Sstc extension support 2022-08-11 14:41:52 -07:00
comedi
connector
counter
cpufreq More power management updates for 5.20-rc1 2022-08-08 14:29:00 -07:00
cpuidle More power management updates for 5.20-rc1 2022-08-08 14:29:00 -07:00
crypto
cxl
dax
dca
devfreq More power management updates for 5.20-rc1 2022-08-08 14:29:00 -07:00
dio
dma
dma-buf
edac
eisa
extcon
firewire
firmware
fpga
fsi
gnss
gpio
gpu drm fixes for 6.0-rc1 2022-08-11 19:12:15 -07:00
greybus
hid
hsi
hte
hv
hwmon hwmon: (nct6775) Fix platform driver suspend regression 2022-08-10 06:37:01 -07:00
hwspinlock
hwtracing
i2c i2c: move core from strlcpy to strscpy 2022-08-11 23:02:52 +02:00
i3c
idle
iio
infiniband
input Input updates for 5.20 (6.0) merge window: 2022-08-11 09:23:08 -07:00
interconnect
iommu Bitmap patches for v6.0-rc1 2022-08-07 17:52:35 -07:00
ipack
irqchip
isdn
leds LED updates for 5.20: new driver for bcm63138, is31fl319x updates, 2022-08-08 11:36:21 -07:00
macintosh
mailbox - mtk: use rx_callback instead of cmdq_task_cb. 2022-08-08 10:19:40 -07:00
mcb
md - A few fixes for the DM verity and bufio changes from the 6.0 merge. 2022-08-11 19:46:48 -07:00
media More power management updates for 5.20-rc1 2022-08-08 14:29:00 -07:00
memory More power management updates for 5.20-rc1 2022-08-08 14:29:00 -07:00
memstick
message
mfd
misc
mmc
most
mtd
mux
net virtio: fatures, fixes 2022-08-12 09:50:34 -07:00
nfc
ntb NTB: epf: Allow more flexibility in the memory BAR map method 2022-08-09 17:54:03 -04:00
nubus
nvdimm virtio: fatures, fixes 2022-08-12 09:50:34 -07:00
nvme block-6.0-2022-08-12 2022-08-13 13:37:36 -07:00
nvmem
of RISC-V Patches for the 5.20 Merge Window, Part 2 2022-08-12 18:39:43 -07:00
opp
parisc
parport
pci Fix of heap data and clang warnings, support for a new Intel NTB device, 2022-08-13 14:00:45 -07:00
pcmcia
peci
perf perf: riscv_pmu{,_sbi}: Miscallenous improvement & fixes 2022-08-12 07:17:38 -07:00
phy
pinctrl Pin control bulk changes for v6.0: 2022-08-10 11:01:44 -07:00
platform virtio: fatures, fixes 2022-08-12 09:50:34 -07:00
pnp
power power supply and reset changes for the v6.0 series 2022-08-12 09:37:33 -07:00
powercap
pps
ps3
ptp
pwm
rapidio
ras
regulator
remoteproc virtio: fatures, fixes 2022-08-12 09:50:34 -07:00
reset
rpmsg
rtc rtc: spear: set range max 2022-08-09 00:56:41 +02:00
s390 SCSI misc on 20220813 2022-08-13 13:41:48 -07:00
sbus
scsi SCSI misc on 20220813 2022-08-13 13:41:48 -07:00
sh
siox
slimbus
soc More power management updates for 5.20-rc1 2022-08-08 14:29:00 -07:00
soundwire
spi
spmi
ssb
staging
target SCSI misc on 20220813 2022-08-13 13:41:48 -07:00
tc
tee
thermal More thermal control updates for 5.20-rc1 2022-08-08 14:23:37 -07:00
thunderbolt
tty tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf() 2022-08-30 14:34:36 +02:00
ufs SCSI misc on 20220813 2022-08-13 13:41:48 -07:00
uio
usb TTY / Serial driver changes for 6.0-rc1 2022-08-08 11:31:40 -07:00
vdpa vdpa/mlx5: Fix possible uninitialized return value 2022-08-11 10:00:36 -04:00
vfio vfio: Move vfio.c to vfio_main.c 2022-08-08 14:33:41 -06:00
vhost virtio: fatures, fixes 2022-08-12 09:50:34 -07:00
video TTY / Serial driver changes for 6.0-rc1 2022-08-08 11:31:40 -07:00
virt
virtio virtio: fatures, fixes 2022-08-12 09:50:34 -07:00
vlynq
w1
watchdog linux-watchdog 5.20-rc1 tag 2022-08-08 15:04:04 -07:00
xen xen: branch for v6.0-rc1b 2022-08-14 09:28:54 -07:00
zorro
Kconfig
Makefile