linux/drivers/firmware/efi
Hyunwoo Kim 9cb636b5f6 efi: capsule-loader: Fix use-after-free in efi_capsule_write
A race condition may occur if the user calls close() on another thread
during a write() operation on the device node of the efi capsule.

This is a race condition that occurs between the efi_capsule_write() and
efi_capsule_flush() functions of efi_capsule_fops, which ultimately
results in UAF.

So, the page freeing process is modified to be done in
efi_capsule_release() instead of efi_capsule_flush().

Cc: <stable@vger.kernel.org> # v4.9+
Signed-off-by: Hyunwoo Kim <imv4bel@gmail.com>
Link: https://lore.kernel.org/all/20220907102920.GA88602@ubuntu/
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
2022-09-07 18:23:56 +02:00
libstub efi/x86: libstub: remove unused variable 2022-09-07 09:03:53 +02:00
test efi/efi_test: read RuntimeServicesSupported 2020-12-09 08:37:27 +01:00
apple-properties.c efi: fix return value of __setup handlers 2022-03-01 09:02:21 +01:00
arm-runtime.c mm: reorder includes after introduction of linux/pgtable.h 2020-06-09 09:39:13 -07:00
capsule-loader.c efi: capsule-loader: Fix use-after-free in efi_capsule_write 2022-09-07 18:23:56 +02:00
capsule.c efi: capsule: clean scatter-gather entries from the D-cache 2020-12-09 08:37:27 +01:00
cper-arm.c
cper-x86.c x86/mce, cper: Pass x86 CPER through the MCA handling chain 2020-11-21 12:05:41 +01:00
cper.c efi/cper: Reformat CPER memory error location to more readable 2022-04-08 11:36:16 +02:00
dev-path-parser.c ACPI: utils: Fix reference counting in for_each_acpi_dev_match() 2021-07-19 16:22:01 +02:00
earlycon.c
efi-bgrt.c
efi-init.c efi: Make code to find mirrored memory ranges generic 2022-06-15 12:11:19 +02:00
efi-pstore.c efi: pstore: Omit efivars caching EFI varstore access layer 2022-06-24 20:40:19 +02:00
efi.c efi: vars: Move efivar caching layer into efivarfs 2022-06-24 20:40:19 +02:00
efibc.c efi: efibc: avoid efivar API for setting variables 2022-06-20 12:43:25 +02:00
embedded-firmware.c crypto: sha - split sha.h into sha1.h and sha2.h 2020-11-20 14:45:33 +11:00
esrt.c efi: use default_groups in kobj_type 2022-01-06 21:19:05 +01:00
fake_mem.c
fake_mem.h
fdtparams.c efi/fdt: fix panic when no valid fdt found 2021-05-22 14:03:42 +02:00
Kconfig efi: vars: Remove deprecated 'efivars' sysfs interface 2022-06-24 20:40:19 +02:00
Makefile efi: vars: Remove deprecated 'efivars' sysfs interface 2022-06-24 20:40:19 +02:00
memattr.c efi: Allow EFI_MEMORY_XP and EFI_MEMORY_RO both to be cleared 2021-05-22 14:05:13 +02:00
memmap.c drivers: fix typo in firmware/efi/memmap.c 2022-06-28 20:00:11 +02:00
mokvar-table.c efi/mokvar: move up init order 2022-03-08 13:55:52 +02:00
rci2-table.c
reboot.c efi: Fix efi_power_off() not being run before acpi_power_off() when necessary 2022-07-10 17:41:06 +02:00
riscv-runtime.c RISC-V: Add EFI runtime services 2020-10-02 14:31:28 -07:00
runtime-map.c efi: use default_groups in kobj_type 2022-01-06 21:19:05 +01:00
runtime-wrappers.c efi: Change down_interruptible() in virt_efi_reset_system() to down_trylock() 2021-10-05 13:07:01 +02:00
sysfb_efi.c efi: sysfb_efi: remove unnecessary <asm/efi.h> include 2022-06-21 18:11:43 +02:00
tpm.c efi/tpm: Differentiate missing and invalid final event log table. 2021-07-16 18:04:55 +02:00
vars.c efi: vars: Move efivar caching layer into efivarfs 2022-06-24 20:40:19 +02:00
x86_fake_mem.c efi/fake_mem: arrange for a resource entry per efi_fake_mem instance 2020-10-13 18:38:27 -07:00