| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-Id: <20230912084530.3307329-1-make_ruc2021@163.com>
Date: Tue, 12 Sep 2023 16:45:30 +0800
From: Ma Ke <make_ruc2021@....com>
To: perex@...ex.cz, tiwai@...e.com, cujomalainey@...omium.org,
maciej.szmigiero@...cle.com, clecigne@...gle.com,
make_ruc2021@....com
Cc: alsa-devel@...a-project.org, linux-kernel@...r.kernel.org
Subject: [PATCH] ALSA: control: do not access controls without possession of r_w lock
we should not access any of its memory when we don't ensure possession of
a read/write lock. Otherwise we risk a use after free access, which allows
local users to cause a denial of service and obtain sensitive information
from kernel memory.
Signed-off-by: Ma Ke <make_ruc2021@....com>
---
sound/core/control.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/sound/core/control.c b/sound/core/control.c
index 59c8658966d4..98782cc68ee1 100644
--- a/sound/core/control.c
+++ b/sound/core/control.c
@@ -590,7 +590,8 @@ static int __snd_ctl_remove(struct snd_card *card,
remove_hash_entries(card, kcontrol);
card->controls_count -= kcontrol->count;
- for (idx = 0; idx < kcontrol->count; idx++)
+ count = kcontrol->count;
+ for (idx = 0; idx < count; idx++)
snd_ctl_notify_one(card, SNDRV_CTL_EVENT_MASK_REMOVE, kcontrol, idx);
snd_ctl_free_one(kcontrol);
return 0;
--
2.37.2
Powered by blists - more mailing lists