proxmox-mirrors/mirror_ubuntu-kernels
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_ubuntu-kernels.git synced 2025-12-09 09:48:57 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
8b51dc7291
mirror_ubuntu-kernels/drivers/net
History
Hui Peng 8b51dc7291 rsi: fix a double free bug in rsi_91x_deinit() 
`dev` (struct rsi_91x_usbdev *) field of adapter
(struct rsi_91x_usbdev *) is allocated  and initialized in
`rsi_init_usb_interface`. If any error is detected in information
read from the device side,  `rsi_init_usb_interface` will be
freed. However, in the higher level error handling code in
`rsi_probe`, if error is detected, `rsi_91x_deinit` is called
again, in which `dev` will be freed again, resulting double free.

This patch fixes the double free by removing the free operation on
`dev` in `rsi_init_usb_interface`, because `rsi_91x_deinit` is also
used in `rsi_disconnect`, in that code path, the `dev` field is not
 (and thus needs to be) freed.

This bug was found in v4.19, but is also present in the latest version
of kernel. Fixes CVE-2019-15504.

Reported-by: Hui Peng <benquike@gmail.com>
Reported-by: Mathias Payer <mathias.payer@nebelwelt.net>
Signed-off-by: Hui Peng <benquike@gmail.com>
Reviewed-by: Guenter Roeck <linux@roeck-us.net>
Signed-off-by: Kalle Valo <kvalo@codeaurora.org>
2019-09-03 16:54:48 +03:00
..
appletalk
arcnet arcnet: com20020-isa: Mark expected switch fall-throughs 2019-07-29 10:23:59 -07:00
bonding bonding: Add vlan tx offload to hw_enc_features 2019-08-08 22:01:44 -07:00
caif caif-hsi: fix possible deadlock in cfhsi_exit_module() 2019-07-17 11:58:56 -07:00
can Merge git://git.kernel.org/pub/scm/linux/kernel/git/netdev/net 2019-08-06 17:11:59 -07:00
dsa net: dsa: microchip: add KSZ8563 compatibility string 2019-08-31 23:36:37 -07:00
ethernet net: seeq: Fix the function used to release some memory in an error handling path 2019-09-01 12:10:11 -07:00
fddi The main MIPS changes for a pretty light v5.3 cycle, including: 2019-07-17 09:42:03 -07:00
fjes
hamradio net: hamradio: baycom_epp: Mark expected switch fall-through 2019-07-29 13:57:58 -07:00
hippi hippi: Remove call to memset after pci_alloc_consistent 2019-07-15 11:06:27 -07:00
hyperv hv_netvsc: Fix a warning of suspicious RCU usage 2019-08-09 13:42:19 -07:00
ieee802154 Merge branch 'ieee802154-for-davem-2019-08-24' of git://git.kernel.org/pub/scm/linux/kernel/git/sschmidt/wpan 2019-08-24 13:46:57 -07:00
ipvlan
netdevsim netdevsim: Restore per-network namespace accounting for fib entries 2019-08-11 20:59:19 -07:00
phy Add genphy_c45_config_aneg() function to phy-c45.c 2019-08-27 20:21:15 -07:00
plip
ppp compat_ioctl: pppoe: fix PPPOEIOCSFWD handling 2019-07-30 14:42:13 -07:00
slip
team team: Add vlan tx offload to hw_enc_features 2019-08-08 22:41:41 -07:00
usb r8152: remove calling netif_napi_del 2019-08-28 16:02:32 -07:00
vmxnet3 vmxnet3: Remove call to memset after dma_alloc_coherent 2019-07-15 11:06:27 -07:00
wan net: wan: sdla: Mark expected switch fall-through 2019-07-29 13:57:58 -07:00
wimax wimax/i2400m: fix a memory leak bug 2019-08-18 14:11:28 -07:00
wireless rsi: fix a double free bug in rsi_91x_deinit() 2019-09-03 16:54:48 +03:00
xen-netback xen/netback: Reset nr_frags before freeing skb 2019-08-08 18:01:24 -07:00
dummy.c
eql.c
geneve.c
gtp.c gtp: add missing gtp_encap_disable_sock() in gtp_encap_enable() 2019-07-07 18:42:48 -07:00
ifb.c
Kconfig
LICENSE.SRC
loopback.c loopback: fix lockdep splat 2019-07-03 11:24:38 -07:00
macsec.c macsec: fix checksumming after decryption 2019-07-02 14:12:29 -07:00
macvlan.c
macvtap.c
Makefile
mdio.c
mii.c
net_failover.c
netconsole.c
nlmon.c
ntb_netdev.c
rionet.c
sb1000.c
Space.c
sungem_phy.c
tap.c coallocate socket_wq with socket itself 2019-07-08 19:25:19 -07:00
thunderbolt.c
tun.c tun: mark small packets as owned by the tap sock 2019-07-25 11:38:32 -07:00
veth.c
virtio_net.c
vrf.c vrf: make sure skb->data contains ip header to make routing 2019-07-21 13:32:51 -07:00
vsockmon.c
vxlan.c Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net 2019-07-08 19:48:57 -07:00
xen-netfront.c