Minki/linux
1
0
Fork 1
mirror of https://github.com/torvalds/linux.git synced 2024-11-22 20:22:09 +00:00
Code Issues Packages Projects Releases Wiki Activity
56b88b5056
linux/sound
History
Clement Lecigne 56b88b5056 ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF 
Takes rwsem lock inside snd_ctl_elem_read instead of snd_ctl_elem_read_user
like it was done for write in commit 1fa4445f9a ("ALSA: control - introduce
snd_ctl_notify_one() helper"). Doing this way we are also fixing the following
locking issue happening in the compat path which can be easily triggered and
turned into an use-after-free.

64-bits:
snd_ctl_ioctl
  snd_ctl_elem_read_user
    [takes controls_rwsem]
    snd_ctl_elem_read [lock properly held, all good]
    [drops controls_rwsem]

32-bits:
snd_ctl_ioctl_compat
  snd_ctl_elem_write_read_compat
    ctl_elem_write_read
      snd_ctl_elem_read [missing lock, not good]

CVE-2023-0266 was assigned for this issue.

Cc: stable@kernel.org # 5.13+
Signed-off-by: Clement Lecigne <clecigne@google.com>
Reviewed-by: Jaroslav Kysela <perex@perex.cz>
Link: https://lore.kernel.org/r/20230113120745.25464-1-tiwai@suse.de
Signed-off-by: Takashi Iwai <tiwai@suse.de>
2023-01-13 14:15:26 +01:00
..
ac97 ALSA: ac97: Replace sprintf() with sysfs_emit() 2022-08-02 16:03:41 +02:00
aoa ALSA: aoa: tas: Convert to i2c's .probe_new() 2022-11-19 09:43:27 +01:00
arm ALSA: arm: pxa: pxa2xx-ac97-lib: fix return value check of platform_get_irq() 2022-10-29 10:45:27 +02:00
atmel
core ALSA: pcm: Move rwsem lock inside snd_ctl_elem_read to prevent UAF 2023-01-13 14:15:26 +01:00
drivers ALSA: mts64: fix possible null-ptr-defer in snd_mts64_interrupt 2022-12-06 11:12:12 +01:00
firewire Merge branch 'for-next' into for-linus 2022-12-22 09:11:48 +01:00
hda ALSA: hda: Error out if invalid stream is being setup 2022-12-09 09:54:53 +01:00
i2c treewide: Convert del_timer*() to timer_shutdown*() 2022-12-25 13:38:09 -08:00
isa ALSA: sb: Use DIV_ROUND_UP() instead of open-coding it 2022-09-29 08:11:55 +02:00
mips
oss sound: oss: dmasound: remove software_input_volume declaration 2022-09-09 09:11:06 +02:00
parisc
pci ALSA: hda/realtek: Enable mute/micmute LEDs on HP Spectre x360 13-aw0xxx 2023-01-12 12:10:45 +01:00
pcmcia ALSA: pdaudiocf: Drop superfluous GFP setup 2022-08-24 08:00:26 +02:00
ppc ALSA: ppc: keywest: Convert to i2c's .probe_new() 2022-11-19 09:43:50 +01:00
sh
soc ASoC: fsl-asoc-card: Fix naming of AC'97 CODEC widgets 2023-01-10 12:45:22 +00:00
sparc
spi sound:spi: remove reference to AVR32 in Atmel AT73C213 DAC driver 2022-08-03 11:11:26 +02:00
synth treewide: Convert del_timer*() to timer_shutdown*() 2022-12-25 13:38:09 -08:00
usb ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate() 2023-01-13 09:54:55 +01:00
virtio
x86 ALSA: x86: intel_hdmi_audio: use pm_runtime_resume_and_get() 2022-06-17 10:46:38 +02:00
xen
ac97_bus.c
Kconfig
last.c
Makefile
sound_core.c driver core: make struct class.devnode() take a const * 2022-11-24 17:12:27 +01:00