superrob1500
/
mirror-linux
mirror of https://github.com/torvalds/linux
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
mirror-linux/drivers/media/usb
History
Ricardo B. Marliere ded85b0c0e media: pvrusb2: fix use after free on context disconnection 
Upon module load, a kthread is created targeting the
pvr2_context_thread_func function, which may call pvr2_context_destroy
and thus call kfree() on the context object. However, that might happen
before the usb hub_event handler is able to notify the driver. This
patch adds a sanity check before the invalid read reported by syzbot,
within the context disconnection call stack.

Reported-and-tested-by: syzbot+621409285c4156a009b3@syzkaller.appspotmail.com
Closes: https://lore.kernel.org/all/000000000000a02a4205fff8eb92@google.com/

Fixes: e5be15c638 ("V4L/DVB (7711): pvrusb2: Fix race on module unload")
Signed-off-by: Ricardo B. Marliere <ricardo@marliere.net>
Acked-by: Mike Isely <isely@pobox.com>
Signed-off-by: Hans Verkuil <hverkuil-cisco@xs4all.nl>
Signed-off-by: Mauro Carvalho Chehab <mchehab@kernel.org>
 		2023-11-23 13:35:08 +01:00
..
airspy media: usb: airspy: Stop direct calls to queue num_buffers field 2023-11-23 12:35:58 +01:00
as102 media: usb: as102: drop as102_dev NULL check 2023-06-09 16:07:30 +01:00
au0828 media: mc: Make media_get_pad_index() use pad type flag 2023-05-25 16:21:22 +02:00
b2c2
cx231xx media: usb: cx231xx: Stop direct calls to queue num_buffers field 2023-11-23 12:36:21 +01:00
dvb-usb media: dvb-usb: gp8psk: Remove an unnecessary ternary operator 2023-09-27 09:39:55 +02:00
dvb-usb-v2 media: dvb-usb-v2: af9035: fix missing unlock 2023-10-13 11:33:21 +02:00
em28xx media: v4l: Use correct dependency for camera sensor drivers 2023-09-14 12:38:17 +02:00
go7007 media: v4l: Use correct dependency for camera sensor drivers 2023-09-14 12:38:17 +02:00
gspca media: gspca: cpia1: shift-out-of-bounds in set_flicker 2023-09-27 09:39:55 +02:00
hackrf media: usb: hackrf: Stop direct calls to queue num_buffers field 2023-11-23 12:36:42 +01:00
hdpvr
msi2500
pvrusb2 media: pvrusb2: fix use after free on context disconnection 2023-11-23 13:35:08 +01:00
pwc
s2255
siano media: usb: siano: Use kmemdup to simplify kmalloc and memcpy logic 2023-09-27 09:39:55 +02:00
stk1160 media: stk1160: Simplify the build config definition 2023-05-25 16:21:20 +02:00
ttusb-budget
ttusb-dec media: ttusb-dec: remove unnecessary (void*) conversions 2023-07-19 12:57:47 +02:00
usbtv media: usb: usbtv: Stop direct calls to queue num_buffers field 2023-11-23 12:37:17 +01:00
uvc media: uvcvideo: Fix OOB read 2023-09-14 23:31:55 +02:00
Kconfig
Makefile