Re: [PATCH v3 0/4] Fix multiple race condition vulnerabilities in dvb-core and device driver

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Dear,

Sorry for the late reply.
This patch hasn't been reviewed in a long time, and I had completely
forgotten about it.

I no longer have the emulating environment I was debugging this in at
the time, but from looking at the code it appears that the
vulnerability still exists.
This means that this patch should be reviewed by the DVB maintainers,
but my guess is that, as it has been, it's unlikely to get reviewed.

Regards,
Hyunwoo Kim

2023년 3월 7일 (화) 오후 7:37, Lee Jones <lee@xxxxxxxxxx>님이 작성:
>
> On Tue, 28 Feb 2023, Lee Jones wrote:
>
> > On Wed, 22 Feb 2023, Lee Jones wrote:
> >
> > > On Tue, 10 Jan 2023, Takashi Iwai wrote:
> > >
> > > > On Thu, 17 Nov 2022 05:59:21 +0100,
> > > > Hyunwoo Kim wrote:
> > > > >
> > > > > Dear,
> > > > >
> > > > > This patch set is a security patch for various race condition vulnerabilities that occur
> > > > > in 'dvb-core' and 'ttusb_dec', a dvb-based device driver.
> > > > >
> > > > >
> > > > > # 1. media: dvb-core: Fix use-after-free due to race condition occurring in dvb_frontend
> > > > > This is a security patch for a race condition that occurs in the dvb_frontend system of dvb-core.
> > > > >
> > > > > The race condition that occurs here will occur with _any_ device driver using dvb_frontend.
> > > > >
> > > > > The race conditions that occur in dvb_frontend are as follows
> > >
> > > [...]
> > >
> > > > > # 4. media: ttusb-dec: Fix memory leak in ttusb_dec_exit_dvb()
> > > > > This is a patch for a memory leak that occurs in the ttusb_dec_exit_dvb() function.
> > > > >
> > > > > Because ttusb_dec_exit_dvb() does not call dvb_frontend_detach(),
> > > > > several fe related structures are not kfree()d.
> > > > >
> > > > > Users can trigger a memory leak just by repeating connecting and disconnecting
> > > > > the ttusb_dec device.
> > > > >
> > > > >
> > > > > Finally, most of these patches are similar to this one, the security patch for
> > > > > CVE-2022-41218 that I reported:
> > > > > https://lore.kernel.org/linux-media/20221031100245.23702-1-tiwai@xxxxxxx/
> > > > >
> > > > >
> > > > > Regards,
> > > > > Hyunwoo Kim
> > > >
> > > > Are those issues still seen with the latest 6.2-rc kernel?
> > > > I'm asking because there have been a few fixes in dvb-core to deal
> > > > with some UAFs.
> > > >
> > > > BTW, Mauro, the issues are tagged with several CVE's:
> > > > CVE-2022-45884, CVE-2022-45886, CVE-2022-45885, CVE-2022-45887.
> > >
> > > Was there an answer to this question?
> > >
> > > Rightly or wrongly this patch is still being touted as the fix for some
> > > reported CVEs [0].
> > >
> > > Is this patch still required or has it been superseded?  If the later,
> > > which patch superseded it?
> > >
> > > Thanks.
> > >
> > > [0] https://nvd.nist.gov/vuln/detail/CVE-2022-45886
> >
> > Have these issues been fixed already?
> >
> > If not, is this patch set due to be merged or reviewed?
>
> Still nothing heard from the author or any maintainer.
>
> I'd take this as a hint if I had any social skills!
>
> Please could someone provide me with a status report on these patches?
>
> They appear to have CVEs associated with them.  Have they been fixed?
>
> --
> Lee Jones [李琼斯]




[Index of Archives]     [Linux Input]     [Video for Linux]     [Gstreamer Embedded]     [Mplayer Users]     [Linux USB Devel]     [Linux Audio Users]     [Linux Kernel]     [Linux SCSI]     [Yosemite Backpacking]

  Powered by Linux