superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
mirror-linux/drivers/media
History
Mathias Krause a260bd22a3
media: mc: fix potential use-after-free in media_request_alloc() 
Commit 6f504cbf10 ("media: convert media_request_alloc() to
FD_PREPARE()") moved the call to fd_install() (now hidden in
fd_publish()) before the snprintf(), making the later write to
potentially already freed memory, as userland is free to call
close() concurrently right after the call to fd_install() which
may end up in the request_fops.release() handler freeing 'req'.

Fixes: 6f504cbf10 ("media: convert media_request_alloc() to FD_PREPARE()")
Signed-off-by: Mathias Krause <minipli@grsecurity.net>
Link: https://patch.msgid.link/20251209210903.603958-1-minipli@grsecurity.net
Signed-off-by: Christian Brauner <brauner@kernel.org>
 		2025-12-15 15:12:28 +01:00
..
cec media: cec: Fix debugfs leak on bus_register() failure 2025-10-14 15:07:37 +02:00
common Linux 6.18-rc5 2025-11-11 12:44:28 +01:00
dvb-core media: dvb_ca_en50221: fix "writen"->"written" 2025-11-03 15:58:41 +01:00
dvb-frontends media: mn88443x: Use %pe format specifier 2025-10-17 11:31:15 +02:00
firewire
i2c media: i2c: add Sony IMX111 CMOS camera sensor driver 2025-11-13 11:33:39 +01:00
mc media: mc: fix potential use-after-free in media_request_alloc() 2025-12-15 15:12:28 +01:00
mmc
pci media: ipu6: isys: Add support for monochrome media bus formats 2025-11-13 10:57:52 +01:00
platform hardening updates for v6.19-rc1 2025-12-05 09:11:02 -08:00
radio media: radio: si470x: Fix DRIVER_AUTHOR macro definition 2025-11-05 14:08:56 +01:00
rc media: rc: st_rc: Fix reset control resource leak 2025-11-11 10:17:33 +01:00
spi
test-drivers [GIT PULL for v6.19] media updates 2025-12-04 08:15:19 -08:00
tuners Revert "media: xc2028: avoid use-after-free in load_firmware_cb()" 2025-10-14 15:07:36 +02:00
usb Modules changes for v6.19-rc1 2025-12-06 08:27:07 -08:00
v4l2-core media: v4l2-isp: Rename block_info to block_type_info 2025-11-14 15:48:49 +01:00
Kconfig
Makefile