[alsa-devel] [PATCH] ALSA: pcm: prevent UAF in snd_pcm_info

Greg KH gregkh at linuxfoundation.org
Tue Dec 5 18:26:56 CET 2017


On Tue, Dec 05, 2017 at 09:19:32AM -0800, Nick Desaulniers wrote:
> + stable
> 
> On Tue, Dec 5, 2017 at 9:16 AM, Nick Desaulniers
> <ndesaulniers at google.com> wrote:
> > From: Robb Glasser <rglasser at google.com>
> >
> > When the device descriptor is closed, the `substream->runtime` pointer
> > is freed. But another thread may be in the ioctl handler, case
> > SNDRV_CTL_IOCTL_PCM_INFO. This case calls snd_pcm_info_user() which
> > calls snd_pcm_info() which accesses the now freed `substream->runtime`.
> >
> > Signed-off-by: Robb Glasser <rglasser at google.com>
> > Signed-off-by: Nick Desaulniers <ndesaulniers at google.com>
> > ---
> >  sound/core/pcm.c | 2 ++
> >  1 file changed, 2 insertions(+)

<formletter>

This is not the correct way to submit patches for inclusion in the
stable kernel tree.  Please read:
    https://www.kernel.org/doc/html/latest/process/stable-kernel-rules.html
for how to do this properly.

</formletter>

