On Mon, 21 Nov 2022 07:33:08 +0100, Hyunwoo Kim wrote:
>
> If the device node of dvb_ca_en50221 is open() and the
> device is disconnected, a UAF may occur when calling
> close() on the device node.
>
> The root cause is that wake_up() and wait_event() for
> dvbdev->wait_queue are not implemented.
>
> So implement wait_event() function in dvb_ca_en50221_release()
> and add 'remove_mutex' which prevents race condition
> for 'ca->exit'.
>
> Signed-off-by: Hyunwoo Kim <v4bel@xxxxxxxxx>

Just wonder what happens on this. Is this still persistent with the
latest upstream kernel?

Note that CVE-2022-45919 has been assigned to this bug.

thanks,

Takashi