| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <1559047634-24397-1-git-send-email-92siuyang@gmail.com>
Date: Tue, 28 May 2019 20:47:14 +0800
From: Young Xiao <92siuyang@...il.com>
To: hdegoede@...hat.com, arnd@...db.de, gregkh@...uxfoundation.org,
linux-kernel@...r.kernel.org
Cc: Young Xiao <92siuyang@...il.com>
Subject: [PATCH] vboxguest: check for private_data before trying to close it.
vbg_misc_device_close doesn't check that filp->private_data is non-NULL
before trying to close_session, where vbg_core_close_session uses pointer
session whithout checking, too. That can cause an oops in certain error
conditions that can occur on open or lookup before the private_data is set.
This vulnerability is similar to CVE-2011-1771.
Signed-off-by: Young Xiao <92siuyang@...il.com>
---
drivers/virt/vboxguest/vboxguest_linux.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/drivers/virt/vboxguest/vboxguest_linux.c b/drivers/virt/vboxguest/vboxguest_linux.c
index 6e8c0f1..b03c16f 100644
--- a/drivers/virt/vboxguest/vboxguest_linux.c
+++ b/drivers/virt/vboxguest/vboxguest_linux.c
@@ -88,8 +88,10 @@ static int vbg_misc_device_user_open(struct inode *inode, struct file *filp)
*/
static int vbg_misc_device_close(struct inode *inode, struct file *filp)
{
- vbg_core_close_session(filp->private_data);
- filp->private_data = NULL;
+ if (file->private_data != NULL) {
+ vbg_core_close_session(filp->private_data);
+ filp->private_data = NULL;
+ }
return 0;
}
--
2.7.4
Powered by blists - more mailing lists