Re: [PATCH v3 0/4] Fix multiple race condition vulnerabilities in dvb-core and device driver

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, 09 Mar 2023, Mauro Carvalho Chehab wrote:

> Em Tue, 7 Mar 2023 10:36:59 +0000
> Lee Jones <lee@xxxxxxxxxx> escreveu:
>
> > On Tue, 28 Feb 2023, Lee Jones wrote:
> >
> > > On Wed, 22 Feb 2023, Lee Jones wrote:
> > >
> > > > On Tue, 10 Jan 2023, Takashi Iwai wrote:
> > > >
> > > > > On Thu, 17 Nov 2022 05:59:21 +0100,
> > > > > Hyunwoo Kim wrote:
> > > > > >
> > > > > > Dear,
> > > > > >
> > > > > > This patch set is a security patch for various race condition vulnerabilities that occur
> > > > > > in 'dvb-core' and 'ttusb_dec', a dvb-based device driver.
> > > > > >
> > > > > >
> > > > > > # 1. media: dvb-core: Fix use-after-free due to race condition occurring in dvb_frontend
> > > > > > This is a security patch for a race condition that occurs in the dvb_frontend system of dvb-core.
> > > > > >
> > > > > > The race condition that occurs here will occur with _any_ device driver using dvb_frontend.
> > > > > >
> > > > > > The race conditions that occur in dvb_frontend are as follows
> > > >
> > > > [...]
> > > >
> > > > > > # 4. media: ttusb-dec: Fix memory leak in ttusb_dec_exit_dvb()
> > > > > > This is a patch for a memory leak that occurs in the ttusb_dec_exit_dvb() function.
> > > > > >
> > > > > > Because ttusb_dec_exit_dvb() does not call dvb_frontend_detach(),
> > > > > > several fe related structures are not kfree()d.
> > > > > >
> > > > > > Users can trigger a memory leak just by repeating connecting and disconnecting
> > > > > > the ttusb_dec device.
> > > > > >
> > > > > >
> > > > > > Finally, most of these patches are similar to this one, the security patch for
> > > > > > CVE-2022-41218 that I reported:
> > > > > > https://lore.kernel.org/linux-media/20221031100245.23702-1-tiwai@xxxxxxx/
> > > > > >
> > > > > >
> > > > > > Regards,
> > > > > > Hyunwoo Kim
> > > > >
> > > > > Are those issues still seen with the latest 6.2-rc kernel?
> > > > > I'm asking because there have been a few fixes in dvb-core to deal
> > > > > with some UAFs.
> > > > >
> > > > > BTW, Mauro, the issues are tagged with several CVE's:
> > > > > CVE-2022-45884, CVE-2022-45886, CVE-2022-45885, CVE-2022-45887.
> > > >
> > > > Was there an answer to this question?
> > > >
> > > > Rightly or wrongly this patch is still being touted as the fix for some
> > > > reported CVEs [0].
> > > >
> > > > Is this patch still required or has it been superseded?  If the later,
> > > > which patch superseded it?
> > > >
> > > > Thanks.
> > > >
> > > > [0] https://nvd.nist.gov/vuln/detail/CVE-2022-45886
> > >
> > > Have these issues been fixed already?
> > >
> > > If not, is this patch set due to be merged or reviewed?
> >
> > Still nothing heard from the author or any maintainer.
>
> We're currently lacking a sub-maintainer for dvb. Changes at the
> DVB mutexes have been problematic and require tests on some
> devices, specially on those with multiple frontends.
>
> I'll try to find some time to review and test those patches.

Thank you Mauro, I fully appreciate the struggles and the effort.

> > I'd take this as a hint if I had any social skills!
> >
> > Please could someone provide me with a status report on these patches?
> >
> > They appear to have CVEs associated with them.  Have they been fixed?
>
> Thanks,
> Mauro

--
Lee Jones [李琼斯]



[Index of Archives]     [Linux Media]     [Linux Input]     [Linux Audio Users]     [Yosemite News]     [Linux Kernel]     [Linux SCSI]     [Old Linux USB Devel Archive]

  Powered by Linux