CVE-2016-2384 double free in usb-audio from invalid USB descriptor (rhbz 1308444 1308445)
parent 568b33d005
commit debee96e5e
|
@ -0,0 +1,34 @@
|
||||||
|
From 07d86ca93db7e5cdf4743564d98292042ec21af7 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Andrey Konovalov <andreyknvl@gmail.com>
|
||||||
|
Date: Sat, 13 Feb 2016 11:08:06 +0300
|
||||||
|
Subject: [PATCH] ALSA: usb-audio: avoid freeing umidi object twice
|
||||||
|
|
||||||
|
The 'umidi' object will be free'd on the error path by snd_usbmidi_free()
|
||||||
|
when tearing down the rawmidi interface. So we shouldn't try to free it
|
||||||
|
in snd_usbmidi_create() after having registered the rawmidi interface.
|
||||||
|
|
||||||
|
Found by KASAN.
|
||||||
|
|
||||||
|
Signed-off-by: Andrey Konovalov <andreyknvl@gmail.com>
|
||||||
|
Acked-by: Clemens Ladisch <clemens@ladisch.de>
|
||||||
|
Cc: <stable@vger.kernel.org>
|
||||||
|
Signed-off-by: Takashi Iwai <tiwai@suse.de>
|
||||||
|
---
|
||||||
|
sound/usb/midi.c | 1 -
|
||||||
|
1 file changed, 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/sound/usb/midi.c b/sound/usb/midi.c
|
||||||
|
index cc39f63299ef..007cf5831121 100644
|
||||||
|
--- a/sound/usb/midi.c
|
||||||
|
+++ b/sound/usb/midi.c
|
||||||
|
@@ -2455,7 +2455,6 @@ int snd_usbmidi_create(struct snd_card *card,
|
||||||
|
else
|
||||||
|
err = snd_usbmidi_create_endpoints(umidi, endpoints);
|
||||||
|
if (err < 0) {
|
||||||
|
- snd_usbmidi_free(umidi);
|
||||||
|
return err;
|
||||||
|
}
|
||||||
|
|
||||||
|
--
|
||||||
|
2.5.0
|
||||||
|
|
|
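Review bot: The error path after snd_usbmidi_create_endpoints() in snd_usbmidi_create() now returns err with nothing in the code saying who owns umidi at that point. Add a one-line comment above `return err;` stating that umidi is released by snd_usbmidi_free() when the rawmidi interface is torn down, so a later cleanup does not put the free back and reintroduce the double free. With the call removed, the braces around the single `return err;` can also be dropped to match kernel style. The commit message carries `Cc: <stable@vger.kernel.org>` but no Fixes: tag or version range, so it does not say which stable trees need the backport. Naming the commit that made the rawmidi teardown free umidi would settle that.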
@ -631,6 +631,9 @@ Patch646: HID-sony-do-not-bail-out-when-the-sixaxis-refuses-th.patch
|
||||||
#CVE-2016-0617 rhbz 1305803 1305804
|
#CVE-2016-0617 rhbz 1305803 1305804
|
||||||
Patch648: fs-hugetlbfs-inode.c-fix-bugs-in-hugetlb_vmtruncate_.patch
|
Patch648: fs-hugetlbfs-inode.c-fix-bugs-in-hugetlb_vmtruncate_.patch
|
||||||
|
|
||||||
|
#CVE-2016-2384 rhbz 1308444 1308445
|
||||||
|
Patch649: ALSA-usb-audio-avoid-freeing-umidi-object-twice.patch
|
||||||
|
|
||||||
# END OF PATCH DEFINITIONS
|
# END OF PATCH DEFINITIONS
|
||||||
|
|
||||||
%endif
|
%endif
|
||||||
|
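Review bot: Patch649 is only declared in this hunk, directly after Patch648, and none of the visible hunks adds a step that applies it. Confirm that the spec's %prep applies every defined PatchNNN automatically. If patches are applied individually, the matching apply line is missing and the package would ship the patch file without the fix in the built kernel. The `#CVE-2016-2384 rhbz 1308444 1308445` comment follows the same form as the CVE-2016-0617 entry above it.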
@ -2074,6 +2077,9 @@ fi
|
||||||
#
|
#
|
||||||
#
|
#
|
||||||
%changelog
|
%changelog
|
||||||
|
* Mon Feb 15 2016 Josh Boyer <jwboyer@fedoraproject.org>
|
||||||
|
- CVE-2016-2384 double free in usb-audio from invalid USB descriptor (rhbz 1308444 1308445)
|
||||||
|
|
||||||
* Fri Feb 12 2016 Laura Abbott <labbott@fedoraproject.org>
|
* Fri Feb 12 2016 Laura Abbott <labbott@fedoraproject.org>
|
||||||
- Turn off W+X warnings (rhbz 1306885)
|
- Turn off W+X warnings (rhbz 1306885)
|
||||||
|
|
||||||
|
|