superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
mirror-linux/sound/core/oss
History
Cássio Gabriel 4cc54bdd54 ALSA: pcm: oss: Fix setup list UAF on proc write error 
snd_pcm_oss_proc_write() links a newly allocated setup entry into the
OSS setup list before duplicating the task name. If the task-name
allocation fails, the error path frees the already linked entry and
leaves setup_list pointing at freed memory.

A later OSS device open can then walk the stale list entry in
snd_pcm_oss_look_for_setup() and dereference freed memory.

Allocate the task name and initialize the setup entry before publishing
the entry on setup_list. Also fetch the initial proc read iterator only
after taking setup_mutex, so all setup_list traversal follows the same
list lifetime rules.

Reported-by: syzbot+8e498074a794999eb41c@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/all/6a1062b7.170a0220.35b2b7.0003.GAE@google.com
Closes: https://syzkaller.appspot.com/bug?extid=8e498074a794999eb41c
Fixes: 060d77b9c0 ("[ALSA] Fix / clean up PCM-OSS setup hooks")
Signed-off-by: Cássio Gabriel <cassiogabrielcontato@gmail.com>
Link: https://patch.msgid.link/20260522-alsa-pcm-oss-setup-uaf-v1-1-40bdcc4d17e8@gmail.com
Signed-off-by: Takashi Iwai <tiwai@suse.de>
 		2026-05-25 09:23:10 +02:00
..
Makefile ALSA: core: Use *-y instead of *-objs in Makefile 2024-05-08 18:17:32 +02:00
copy.c ALSA: core: Add SPDX license id to files 2026-02-18 08:52:08 +01:00
io.c ALSA: core: Add SPDX license id to files 2026-02-18 08:52:08 +01:00
linear.c ALSA: core: Add SPDX license id to files 2026-02-18 08:52:08 +01:00
mixer_oss.c Convert 'alloc_obj' family to use the new default GFP_KERNEL argument 2026-02-21 17:09:51 -08:00
mulaw.c ALSA: core: Add SPDX license id to files 2026-02-18 08:52:08 +01:00
pcm_oss.c ALSA: pcm: oss: Fix setup list UAF on proc write error 2026-05-25 09:23:10 +02:00
pcm_plugin.c Convert more 'alloc_obj' cases to default GFP_KERNEL arguments 2026-02-21 20:03:00 -08:00
pcm_plugin.h ALSA: oss: Remove unused declarations 2024-08-16 12:28:12 +02:00
rate.c ALSA: core: Add SPDX license id to files 2026-02-18 08:52:08 +01:00
route.c ALSA: core: Add SPDX license id to files 2026-02-18 08:52:08 +01:00