diff options
| author | Adrian Stratulat <adrian.stratulat@enea.com> | 2019-10-30 12:22:18 +0100 |
|---|---|---|
| committer | Adrian Stratulat <adrian.stratulat@enea.com> | 2019-10-30 12:25:31 +0100 |
| commit | ce752ac00b50afd2a1312d42b855c00f7b4eddc3 (patch) | |
| tree | 05aaa1b2573dbd6a2fa9de2248cdc15f36827d3b | |
| parent | cb5564e4b430ed587f73aae357ef4f3b15f4b2dc (diff) | |
| download | enea-kernel-cache-ce752ac00b50afd2a1312d42b855c00f7b4eddc3.tar.gz | |
USB: serial: CVE-2017-16525
USB: serial: console: fix use-after-free after failed setup
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-16525
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=299d7572e46f98534033a9e65973f13ad1ce9047
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-4.1.y&id=42651349f0207b8ba3b80b5bd868d9872fbcc6c1
Change-Id: Ie26418adae89e3f900606661aabd55d21e516a08
Signed-off-by: Adrian Stratulat <adrian.stratulat@enea.com>
| -rw-r--r-- | patches/cve/CVE-2017-16525.patch | 40 |
1 files changed, 40 insertions, 0 deletions
diff --git a/patches/cve/CVE-2017-16525.patch b/patches/cve/CVE-2017-16525.patch new file mode 100644 index 0000000..b1a635e --- /dev/null +++ b/patches/cve/CVE-2017-16525.patch | |||
| @@ -0,0 +1,40 @@ | |||
| 1 | From 42651349f0207b8ba3b80b5bd868d9872fbcc6c1 Mon Sep 17 00:00:00 2001 | ||
| 2 | From: Johan Hovold <johan@kernel.org> | ||
| 3 | Date: Wed, 4 Oct 2017 11:01:13 +0200 | ||
| 4 | Subject: USB: serial: console: fix use-after-free after failed setup | ||
| 5 | |||
| 6 | [ Upstream commit 299d7572e46f98534033a9e65973f13ad1ce9047 ] | ||
| 7 | |||
| 8 | Make sure to reset the USB-console port pointer when console setup fails | ||
| 9 | in order to avoid having the struct usb_serial be prematurely freed by | ||
| 10 | the console code when the device is later disconnected. | ||
| 11 | |||
| 12 | Fixes: 73e487fdb75f ("[PATCH] USB console: fix disconnection issues") | ||
| 13 | |||
| 14 | Upstream-Status: Backport [https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-4.1.y&id=42651349f0207b8ba3b80b5bd868d9872fbcc6c1] | ||
| 15 | CVE: CVE-2017-16525 | ||
| 16 | |||
| 17 | Cc: stable <stable@vger.kernel.org> # 2.6.18 | ||
| 18 | Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org> | ||
| 19 | Signed-off-by: Johan Hovold <johan@kernel.org> | ||
| 20 | Signed-off-by: Sasha Levin <alexander.levin@verizon.com> | ||
| 21 | Signed-off-by: Adrian Stratulat <adrian.stratulat@enea.com> | ||
| 22 | --- | ||
| 23 | drivers/usb/serial/console.c | 1 + | ||
| 24 | 1 file changed, 1 insertion(+) | ||
| 25 | |||
| 26 | diff --git a/drivers/usb/serial/console.c b/drivers/usb/serial/console.c | ||
| 27 | index 3806e7014199..2938153fe7b1 100644 | ||
| 28 | --- a/drivers/usb/serial/console.c | ||
| 29 | +++ b/drivers/usb/serial/console.c | ||
| 30 | @@ -189,6 +189,7 @@ static int usb_console_setup(struct console *co, char *options) | ||
| 31 | tty_kref_put(tty); | ||
| 32 | reset_open_count: | ||
| 33 | port->port.count = 0; | ||
| 34 | + info->port = NULL; | ||
| 35 | usb_autopm_put_interface(serial->interface); | ||
| 36 | error_get_interface: | ||
| 37 | usb_serial_put(serial); | ||
| 38 | -- | ||
| 39 | cgit 1.2-0.3.lf.el7 | ||
| 40 | |||