On Thu, 09 Mar 2023, Mauro Carvalho Chehab wrote: > Em Tue, 7 Mar 2023 10:36:59 +0000 > Lee Jones <lee@xxxxxxxxxx> escreveu: > > > On Tue, 28 Feb 2023, Lee Jones wrote: > > > > > On Wed, 22 Feb 2023, Lee Jones wrote: > > > > > > > On Tue, 10 Jan 2023, Takashi Iwai wrote: > > > > > > > > > On Thu, 17 Nov 2022 05:59:21 +0100, > > > > > Hyunwoo Kim wrote: > > > > > > > > > > > > Dear, > > > > > > > > > > > > This patch set is a security patch for various race condition vulnerabilities that occur > > > > > > in 'dvb-core' and 'ttusb_dec', a dvb-based device driver. > > > > > > > > > > > > > > > > > > # 1. media: dvb-core: Fix use-after-free due to race condition occurring in dvb_frontend > > > > > > This is a security patch for a race condition that occurs in the dvb_frontend system of dvb-core. > > > > > > > > > > > > The race condition that occurs here will occur with _any_ device driver using dvb_frontend. > > > > > > > > > > > > The race conditions that occur in dvb_frontend are as follows > > > > > > > > [...] > > > > > > > > > > # 4. media: ttusb-dec: Fix memory leak in ttusb_dec_exit_dvb() > > > > > > This is a patch for a memory leak that occurs in the ttusb_dec_exit_dvb() function. > > > > > > > > > > > > Because ttusb_dec_exit_dvb() does not call dvb_frontend_detach(), > > > > > > several fe related structures are not kfree()d. > > > > > > > > > > > > Users can trigger a memory leak just by repeating connecting and disconnecting > > > > > > the ttusb_dec device. > > > > > > > > > > > > > > > > > > Finally, most of these patches are similar to this one, the security patch for > > > > > > CVE-2022-41218 that I reported: > > > > > > https://lore.kernel.org/linux-media/20221031100245.23702-1-tiwai@xxxxxxx/ > > > > > > > > > > > > > > > > > > Regards, > > > > > > Hyunwoo Kim > > > > > > > > > > Are those issues still seen with the latest 6.2-rc kernel? > > > > > I'm asking because there have been a few fixes in dvb-core to deal > > > > > with some UAFs. > > > > > > > > > > BTW, Mauro, the issues are tagged with several CVE's: > > > > > CVE-2022-45884, CVE-2022-45886, CVE-2022-45885, CVE-2022-45887. > > > > > > > > Was there an answer to this question? > > > > > > > > Rightly or wrongly this patch is still being touted as the fix for some > > > > reported CVEs [0]. > > > > > > > > Is this patch still required or has it been superseded? If the later, > > > > which patch superseded it? > > > > > > > > Thanks. > > > > > > > > [0] https://nvd.nist.gov/vuln/detail/CVE-2022-45886 > > > > > > Have these issues been fixed already? > > > > > > If not, is this patch set due to be merged or reviewed? > > > > Still nothing heard from the author or any maintainer. > > We're currently lacking a sub-maintainer for dvb. Changes at the > DVB mutexes have been problematic and require tests on some > devices, specially on those with multiple frontends. > > I'll try to find some time to review and test those patches. Thank you Mauro, I fully appreciate the struggles and the effort. > > I'd take this as a hint if I had any social skills! > > > > Please could someone provide me with a status report on these patches? > > > > They appear to have CVEs associated with them. Have they been fixed? > > Thanks, > Mauro -- Lee Jones [李琼斯]
