git.proxmox.com Git - mirror_ubuntu-artful-kernel.git/commit
ALSA: pcm: prevent UAF in snd_pcm_info
author Robb Glasser <rglasser@google.com>
Fri, 26 Jan 2018 16:11:23 +0000 (17:11 +0100)
committer Stefan Bader <stefan.bader@canonical.com>
Wed, 14 Mar 2018 10:40:53 +0000 (11:40 +0100)
commit d5b39a01cac14b31d12459031cd77d178f31c030
tree 04f223202218da153e02455441d3d54f1a86f351
parent 496278275b134937e40ed0206008c883d4d652da
ALSA: pcm: prevent UAF in snd_pcm_info

CVE-2017-0861

When the device descriptor is closed, the `substream->runtime` pointer
is freed. But another thread may be in the ioctl handler, case
SNDRV_CTL_IOCTL_PCM_INFO. This case calls snd_pcm_info_user() which
calls snd_pcm_info() which accesses the now freed `substream->runtime`.

Note: this fixes CVE-2017-0861

Signed-off-by: Robb Glasser <rglasser@google.com>
Signed-off-by: Nick Desaulniers <ndesaulniers@google.com>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
(cherry picked from commit 362bca57f5d78220f8b5907b875961af9436e229)
Signed-off-by: Kleber Sacilotto de Souza <kleber.souza@canonical.com>
Acked-by: Colin Ian King <colin.king@canonical.com>
Acked-by: Khalid Elmously <khalid.elmously@canonical.com>
Signed-off-by: Khalid Elmously <khalid.elmously@canonical.com>
sound/core/pcm.c