| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2026010840-rage-sprang-2662@gregkh> Date: Thu, 8 Jan 2026 16:28:42 +0100 From: Greg KH <gregkh@...uxfoundation.org> To: Zilin Guan <zilin@....edu.cn> Cc: mathias.nyman@...el.com, linux-usb@...r.kernel.org, linux-kernel@...r.kernel.org, jianhao.xu@....edu.cn, stable@...r.kernel.org Subject: Re: [PATCH v2] usb: xhci: Fix memory leak in xhci_disable_slot() On Thu, Jan 08, 2026 at 02:11:08PM +0000, Zilin Guan wrote: > xhci_alloc_command() allocates a command structure and, when the > second argument is true, also allocates a completion structure. > Currently, the error handling path in xhci_disable_slot() only frees > the command structure using kfree(), causing the completion structure > to leak. > > Use xhci_free_command() instead of kfree(). xhci_free_command() correctly > frees both the command structure and the associated completion structure. > Since the command structure is allocated with zero-initialization, > command->in_ctx is NULL and will not be erroneously freed by > xhci_free_command(). > > This bug was found using an experimental static analysis tool we are > developing. The tool is based on the LLVM framework and is specifically > designed to detect memory management issues. It is currently under > active development and not yet publicly available, but we plan to > open-source it after our research is published. > > The analysis was performed on Linux kernel v6.13-rc1. That is a very old kernel version, from December 2024, please redo this to verify it is relevent to todays tree. thanks, greg k-h
Powered by blists - more mailing lists