summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSona Sarmadi <sona.sarmadi@enea.com>2016-04-14 11:40:53 (GMT)
committerTudor Florea <tudor.florea@enea.com>2016-04-15 11:20:43 (GMT)
commitf843c4d152d2819b4df601a19e71f15099efecc4 (patch)
treedd884277867515b21a49a73e0bc0265bab433276
parent291c45aaebb29078e32ff38f7b9998fd9fdfe167 (diff)
downloadmeta-hierofalcon-f843c4d152d2819b4df601a19e71f15099efecc4.tar.gz
kernel-ALSA: CVE-2016-2384
Fixes double-free in usb-audio triggered by invalid USB descriptor. Reference: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-2384 Reference to the upstream patch: https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/patch/?id=1ea63b629c9c53af6cdde4daf166b3d31b3e9cfe Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com> Signed-off-by: Tudor Florea <tudor.florea@enea.com>
-rw-r--r--recipes-kernel/linux/linux-hierofalcon/ALSA-CVE-2016-2384.patch41
-rw-r--r--recipes-kernel/linux/linux-hierofalcon_3.19.bb1
-rw-r--r--recipes-kernel/linux/linux-hierofalcon_4.1.bb1
3 files changed, 43 insertions, 0 deletions
diff --git a/recipes-kernel/linux/linux-hierofalcon/ALSA-CVE-2016-2384.patch b/recipes-kernel/linux/linux-hierofalcon/ALSA-CVE-2016-2384.patch
new file mode 100644
index 0000000..23fb898
--- /dev/null
+++ b/recipes-kernel/linux/linux-hierofalcon/ALSA-CVE-2016-2384.patch
@@ -0,0 +1,41 @@
1From 1ea63b629c9c53af6cdde4daf166b3d31b3e9cfe Mon Sep 17 00:00:00 2001
2From: Andrey Konovalov <andreyknvl@gmail.com>
3Date: Sat, 13 Feb 2016 11:08:06 +0300
4Subject: ALSA: usb-audio: avoid freeing umidi object twice
5
6[ Upstream commit 07d86ca93db7e5cdf4743564d98292042ec21af7 ]
7
8The 'umidi' object will be free'd on the error path by snd_usbmidi_free()
9when tearing down the rawmidi interface. So we shouldn't try to free it
10in snd_usbmidi_create() after having registered the rawmidi interface.
11
12Found by KASAN.
13
14CVE: CVE-2016-2384
15Upstream-Status: Backport
16
17Signed-off-by: Andrey Konovalov <andreyknvl@gmail.com>
18Acked-by: Clemens Ladisch <clemens@ladisch.de>
19Cc: <stable@vger.kernel.org>
20Signed-off-by: Takashi Iwai <tiwai@suse.de>
21Signed-off-by: Sasha Levin <sasha.levin@oracle.com>
22Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>
23---
24 sound/usb/midi.c | 1 -
25 1 file changed, 1 deletion(-)
26
27diff --git a/sound/usb/midi.c b/sound/usb/midi.c
28index bec63e0..f059326 100644
29--- a/sound/usb/midi.c
30+++ b/sound/usb/midi.c
31@@ -2451,7 +2451,6 @@ int snd_usbmidi_create(struct snd_card *card,
32 else
33 err = snd_usbmidi_create_endpoints(umidi, endpoints);
34 if (err < 0) {
35- snd_usbmidi_free(umidi);
36 return err;
37 }
38
39--
40cgit v0.12
41
diff --git a/recipes-kernel/linux/linux-hierofalcon_3.19.bb b/recipes-kernel/linux/linux-hierofalcon_3.19.bb
index 55ccec7..5419b62 100644
--- a/recipes-kernel/linux/linux-hierofalcon_3.19.bb
+++ b/recipes-kernel/linux/linux-hierofalcon_3.19.bb
@@ -36,6 +36,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto-3.19;branch="standard/qemuarm6
36 file://net-unix-CVE-2013-7446.patch \ 36 file://net-unix-CVE-2013-7446.patch \
37 file://ALSA-CVE-2016-2546.patch \ 37 file://ALSA-CVE-2016-2546.patch \
38 file://Btrfs-CVE-2015-8374.patch \ 38 file://Btrfs-CVE-2015-8374.patch \
39 file://ALSA-CVE-2016-2384.patch \
39 " 40 "
40 41
41S = "${WORKDIR}/git" 42S = "${WORKDIR}/git"
diff --git a/recipes-kernel/linux/linux-hierofalcon_4.1.bb b/recipes-kernel/linux/linux-hierofalcon_4.1.bb
index f528b53..39c40dd 100644
--- a/recipes-kernel/linux/linux-hierofalcon_4.1.bb
+++ b/recipes-kernel/linux/linux-hierofalcon_4.1.bb
@@ -37,6 +37,7 @@ SRC_URI = "git://git.yoctoproject.org/linux-yocto-4.1;branch="standard/qemuarm64
37 file://bpf-CVE-2016-2383.patch \ 37 file://bpf-CVE-2016-2383.patch \
38 file://ALSA-CVE-2016-2546.patch \ 38 file://ALSA-CVE-2016-2546.patch \
39 file://Btrfs-CVE-2015-8374.patch \ 39 file://Btrfs-CVE-2015-8374.patch \
40 file://ALSA-CVE-2016-2384.patch \
40 " 41 "
41 42
42S = "${WORKDIR}/git" 43S = "${WORKDIR}/git"