lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Date:   Fri, 21 Oct 2022 18:21:55 +0800
From:   Li Zetao <lizetao1@...wei.com>
To:     <richard@....at>, <miquel.raynal@...tlin.com>, <vigneshr@...com>,
        <dedekind@...utronix.de>, <haver@...t.ibm.com>,
        <bbrezillon@...nel.org>
CC:     <lizetao1@...wei.com>, <boris.brezillon@...e-electrons.com>,
        <linux-mtd@...ts.infradead.org>, <linux-kernel@...r.kernel.org>
Subject: [PATCH 0/2] Fix use-after-free and kmemleak in ubi_resize_volume()

This patchset fixes two memory usage issues.

Patch 1 resolves the use-after-free issue, this is happening in volume 
resizing failed. In volume resizing process, the old eba table will be
replaced by the new. But on error handing patch, the old eba will be 
freed, which causing an use-after-free fault when resizing volume
next time.

Patch 2 resolves the kmemleak issue, this is also happening in volume
resizing failed. "new_eba_tbl" is created by ubi_eba_create_table() 
but destroyed by kfree().

Li Zetao (2):
  ubi: Fix use-after-free when volume resizing failed
  ubi: Fix unreferenced object reported by kmemleak in
    ubi_resize_volume()

 drivers/mtd/ubi/vmt.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

-- 
2.31.1

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ