From ce752ac00b50afd2a1312d42b855c00f7b4eddc3 Mon Sep 17 00:00:00 2001
From: Adrian Stratulat <adrian.stratulat@enea.com>
Date: Wed, 30 Oct 2019 12:22:18 +0100
Subject: USB: serial: CVE-2017-16525

USB: serial: console: fix use-after-free after failed setup

References:
https://nvd.nist.gov/vuln/detail/CVE-2017-16525
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=299d7572e46f98534033a9e65973f13ad1ce9047
https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-4.1.y&id=42651349f0207b8ba3b80b5bd868d9872fbcc6c1

Change-Id: Ie26418adae89e3f900606661aabd55d21e516a08
Signed-off-by: Adrian Stratulat <adrian.stratulat@enea.com>
---
 patches/cve/CVE-2017-16525.patch | 40 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)
 create mode 100644 patches/cve/CVE-2017-16525.patch

diff --git a/patches/cve/CVE-2017-16525.patch b/patches/cve/CVE-2017-16525.patch
new file mode 100644
index 0000000..b1a635e
--- /dev/null
+++ b/patches/cve/CVE-2017-16525.patch
@@ -0,0 +1,40 @@
+From 42651349f0207b8ba3b80b5bd868d9872fbcc6c1 Mon Sep 17 00:00:00 2001
+From: Johan Hovold <johan@kernel.org>
+Date: Wed, 4 Oct 2017 11:01:13 +0200
+Subject: USB: serial: console: fix use-after-free after failed setup
+
+[ Upstream commit 299d7572e46f98534033a9e65973f13ad1ce9047 ]
+
+Make sure to reset the USB-console port pointer when console setup fails
+in order to avoid having the struct usb_serial be prematurely freed by
+the console code when the device is later disconnected.
+
+Fixes: 73e487fdb75f ("[PATCH] USB console: fix disconnection issues")
+
+Upstream-Status: Backport [https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-4.1.y&id=42651349f0207b8ba3b80b5bd868d9872fbcc6c1]
+CVE: CVE-2017-16525
+
+Cc: stable <stable@vger.kernel.org>	# 2.6.18
+Acked-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
+Signed-off-by: Johan Hovold <johan@kernel.org>
+Signed-off-by: Sasha Levin <alexander.levin@verizon.com>
+Signed-off-by: Adrian Stratulat <adrian.stratulat@enea.com>
+---
+ drivers/usb/serial/console.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/drivers/usb/serial/console.c b/drivers/usb/serial/console.c
+index 3806e7014199..2938153fe7b1 100644
+--- a/drivers/usb/serial/console.c
++++ b/drivers/usb/serial/console.c
+@@ -189,6 +189,7 @@ static int usb_console_setup(struct console *co, char *options)
+ 	tty_kref_put(tty);
+  reset_open_count:
+ 	port->port.count = 0;
++	info->port = NULL;
+ 	usb_autopm_put_interface(serial->interface);
+  error_get_interface:
+ 	usb_serial_put(serial);
+-- 
+cgit 1.2-0.3.lf.el7
+
-- 
cgit v1.2.3-54-g00ecf