Re: [PATCH] scsi: qedf: Fix a UAF bug in __qedf_probe

On Fri, 12 Nov 2021 20:06:41 +0800, Letu Ren wrote:

> In __qedf_probe, if `qedf->cdev` is NULL, which means
> qed_ops->common->probe() failed, then the program will goto label err1,
> scsi_host_put() will free `lport->host` pointer. Because the memory `qedf`
> points to is allocated by libfc_host_alloc(), it will be freed by
> scsi_host_put(). However, the if statement below label err0 only checks
> whether qedf is NULL but doesn't check whether the memory has been freed.
> So a UAF bug occurred.
> 
> [...]

Applied to 6.0/scsi-fixes, thanks!

[1/1] scsi: qedf: Fix a UAF bug in __qedf_probe
      https://git.kernel.org/mkp/scsi/c/fbfe96869b78

-- 
Martin K. Petersen	Oracle Linux Engineering
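
The error-path pattern described in the quoted commit message, as an added user-space C model (not the qedf driver code and not the applied patch). All struct and function names are hypothetical stand-ins, the release is only marked rather than freed so the stale access can be observed without undefined behaviour, and clearing the pointer after the put is one possible guard, assumed here for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>

/* Constructed user-space model; every name here is a hypothetical stand-in. */
struct ctx  { unsigned long flags; void *cdev; };           /* models qedf */
struct host { int refs; bool released; struct ctx priv; };  /* models lport->host */

struct result { int rc; bool stale_access; };

/* Private data is carved out of the host allocation, as with libfc_host_alloc(). */
static struct host *host_alloc(void)
{
    struct host *h = calloc(1, sizeof(*h));
    if (h)
        h->refs = 1;
    return h;
}

/* Dropping the last reference ends the lifetime of the host AND of priv.
 * The model only marks it, so the stale access can be observed safely. */
static void host_put(struct host *h)
{
    if (--h->refs == 0)
        h->released = true;
}

static struct result probe_model(bool cdev_fails, bool clear_ptr_after_put)
{
    struct result r = { 0, false };
    struct host *h = host_alloc();
    struct ctx *c = NULL;

    if (!h) { r.rc = -12; goto err0; }       /* nothing allocated: c stays NULL */
    c = &h->priv;
    c->flags = 1UL;                          /* "probing" bit */
    c->cdev = cdev_fails ? NULL : (void *)c; /* models qed_ops->common->probe() */
    if (!c->cdev) { r.rc = -19; goto err1; }
    goto err0;                               /* success: common exit */
err1:
    host_put(h);
    if (clear_ptr_after_put)
        c = NULL;                            /* pointer no longer names live memory */
err0:
    if (c) {                                 /* non-NULL says nothing about lifetime */
        r.stale_access = h->released;
        c->flags = 0;                        /* safe only because the model defers free() */
    }
    free(h);
    return r;
}
```

In the kernel the put really frees the memory, so the write under `err0` would land in a released allocation; building the driver with KASAN is the usual way to catch this class of error-path bug.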


