lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20260108023710.539893-1-zilin@seu.edu.cn>
Date: Thu,  8 Jan 2026 02:37:10 +0000
From: Zilin Guan <zilin@....edu.cn>
To: gregkh@...uxfoundation.org
Cc: jianhao.xu@....edu.cn,
	linux-kernel@...r.kernel.org,
	linux-usb@...r.kernel.org,
	mathias.nyman@...el.com,
	zilin@....edu.cn
Subject: Re: [PATCH] usb: xhci: Fix memory leak in xchi_disable_slot()

On Wed, Jan 07, 2026 at 04:04:43PM +0100, Greg KH wrote:
> On Thu, Dec 25, 2025 at 04:21:19PM +0000, Zilin Guan wrote:
> > xhci_alloc_command() allocates a command structure and, when the
> > second argument is true, also allocates a completion structure.
> > Currently, the error handling path in xhci_disable_slot() only frees
> > the command structure using kfree(), causing the completion structure
> > to leak.
> > 
> > Fix this by using xhci_free_command() instead of kfree(). This function
> > correctly frees both the command and the completion structure.
> > 
> > Fixes: cd3f1790b006d ("usb: xhci: Fix potential memory leak in xhci_disable_slot()")
> 
> No cc: stable?

My understanding is that the Cc: stable tag is primarily intended for 
severe bugs. I wasn't sure if this leak was critical enough to warrant 
backporting, especially since the amount of leaked memory is small. I 
decided to avoid adding unnecessary noise to the stable tree, but I am 
happy to include the tag if you advise doing so.

> And how was this found?  How was it tested?  

This issue was reported by our static analysis tool, but we manually verify 
the bugs.

We enforced a rigorous manual check to trace the code path and confirm 
the resource leak is genuine specifically to filter out any false 
positives from the tool.

> What tool created this fix?

We wrote patch manually.

Thanks,
Zilin Guan

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ