| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <AAE255E2-8388-48FD-B728-D633862DBFB4@goldelico.com>
Date: Wed, 12 Feb 2014 11:08:22 +0100
From: "Dr. H. Nikolaus Schaller" <hns@...delico.com>
To: Felipe Balbi <balbi@...com>,
Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
linux-usb@...r.kernel.org, LKML <linux-kernel@...r.kernel.org>
Cc: Marek Belisko <marek@...delico.com>
Subject: [PATCH 1 of 1]: musb: fixed a potential NULL pointer dereference.
fixed a potential NULL pointer dereference.
Rationale:
this is the only location in the musb driver where the
otg->gadget pointer is dereferenced. Assuming that it
is never NULL is not only potentially unsafe but was
observed in the wild on a GTA04 (OMAP3/TPS65950 based
board) when trying to boot a device tree based 3.14-rc2
kernel with USB cable plugged in.
DT boot appears to modify the order in which components
(gadget driver) are loaded and linked and therefore
an early musb interrupt triggers with a NULL gadget
pointer ending in a kernel panic.
Since a non-existing gadget can never be "active" we
simply use a 0 value for musb->is_active.
Signed-off-by: H. Nikolaus Schaller <hns@...delico.com>
Download attachment "0001-fixed-a-potential-NULL-pointer-dereference.patch" of type "application/octet-stream" (1593 bytes)
Powered by blists - more mailing lists