On Tue, Jan 11, 2022 at 09:35:11AM +0100, Marcus Meissner wrote: > Hi whitehat002, > > SUSE currently does not build the moxart driver, let me defer you to > security@xxxxxxxxxx and the MMC maintainers. > > i also opened a bug in our bugzilla just for tracking > https://bugzilla.suse.com/show_bug.cgi?id=1194516 > > Ciao, Marcus > On Tue, Jan 11, 2022 at 02:30:32PM +0800, whitehat002 whitehat002 wrote: > > Hello suse security team, > > > > There is a UAF in drivers/mmc/host/moxart-mmc.c > > This is similar with > > https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=42933c8aa14be1caa9eda41f65cde8a3a95d3e39 > > > > > > > > static int moxart_remove(struct platform_device *pdev) > > { > > struct mmc_host *mmc = dev_get_drvdata(&pdev->dev); > > struct moxart_host *host = mmc_priv(mmc); > > > > dev_set_drvdata(&pdev->dev, NULL); > > > > if (!IS_ERR_OR_NULL(host->dma_chan_tx)) > > dma_release_channel(host->dma_chan_tx); > > if (!IS_ERR_OR_NULL(host->dma_chan_rx)) > > dma_release_channel(host->dma_chan_rx); > > mmc_remove_host(mmc); > > mmc_free_host(mmc); //[0] free > > > > writel(0, host->base + REG_INTERRUPT_MASK); //[1] host is private data from > > mmc_host UAF > > writel(0, host->base + REG_POWER_CONTROL); > > writel(readl(host->base + REG_CLOCK_CONTROL) | CLK_OFF, > > host->base + REG_CLOCK_CONTROL); > > > > return 0; > > } > > Can you write a patch to fix this so that you can get proper credit for fixing it as well as finding it? thanks, greg k-h
