Em Tue, 7 Mar 2023 10:36:59 +0000 Lee Jones <lee@xxxxxxxxxx> escreveu: > On Tue, 28 Feb 2023, Lee Jones wrote: > > > On Wed, 22 Feb 2023, Lee Jones wrote: > > > > > On Tue, 10 Jan 2023, Takashi Iwai wrote: > > > > > > > On Thu, 17 Nov 2022 05:59:21 +0100, > > > > Hyunwoo Kim wrote: > > > > > > > > > > Dear, > > > > > > > > > > This patch set is a security patch for various race condition vulnerabilities that occur > > > > > in 'dvb-core' and 'ttusb_dec', a dvb-based device driver. > > > > > > > > > > > > > > > # 1. media: dvb-core: Fix use-after-free due to race condition occurring in dvb_frontend > > > > > This is a security patch for a race condition that occurs in the dvb_frontend system of dvb-core. > > > > > > > > > > The race condition that occurs here will occur with _any_ device driver using dvb_frontend. > > > > > > > > > > The race conditions that occur in dvb_frontend are as follows > > > > > > [...] > > > > > > > > # 4. media: ttusb-dec: Fix memory leak in ttusb_dec_exit_dvb() > > > > > This is a patch for a memory leak that occurs in the ttusb_dec_exit_dvb() function. > > > > > > > > > > Because ttusb_dec_exit_dvb() does not call dvb_frontend_detach(), > > > > > several fe related structures are not kfree()d. > > > > > > > > > > Users can trigger a memory leak just by repeating connecting and disconnecting > > > > > the ttusb_dec device. > > > > > > > > > > > > > > > Finally, most of these patches are similar to this one, the security patch for > > > > > CVE-2022-41218 that I reported: > > > > > https://lore.kernel.org/linux-media/20221031100245.23702-1-tiwai@xxxxxxx/ > > > > > > > > > > > > > > > Regards, > > > > > Hyunwoo Kim > > > > > > > > Are those issues still seen with the latest 6.2-rc kernel? > > > > I'm asking because there have been a few fixes in dvb-core to deal > > > > with some UAFs. > > > > > > > > BTW, Mauro, the issues are tagged with several CVE's: > > > > CVE-2022-45884, CVE-2022-45886, CVE-2022-45885, CVE-2022-45887. > > > > > > Was there an answer to this question? > > > > > > Rightly or wrongly this patch is still being touted as the fix for some > > > reported CVEs [0]. > > > > > > Is this patch still required or has it been superseded? If the later, > > > which patch superseded it? > > > > > > Thanks. > > > > > > [0] https://nvd.nist.gov/vuln/detail/CVE-2022-45886 > > > > Have these issues been fixed already? > > > > If not, is this patch set due to be merged or reviewed? > > Still nothing heard from the author or any maintainer. We're currently lacking a sub-maintainer for dvb. Changes at the DVB mutexes have been problematic and require tests on some devices, specially on those with multiple frontends. I'll try to find some time to review and test those patches. > > I'd take this as a hint if I had any social skills! > > Please could someone provide me with a status report on these patches? > > They appear to have CVEs associated with them. Have they been fixed? > > -- > Lee Jones [李琼斯] Thanks, Mauro