Search Linux Wireless

Fwd: Potential memory leak bug in rtl8xxxu_tx() by triggering usb_submit_urb() failures

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: linux-wireless@xxxxxxxxxxxxxxx
Subject: Fwd: Potential memory leak bug in rtl8xxxu_tx() by triggering usb_submit_urb() failures
From: Dongyang Zhan <zdyzztq@xxxxxxxxx>
Date: Thu, 14 May 2020 12:03:11 +0800
In-reply-to: <CAFSR4cuy-jj=L1Vf4mmZQWALzrFGE19bODa81KnnJ3MkX6jbtg@mail.gmail.com>
References: <CAFSR4cuy-jj=L1Vf4mmZQWALzrFGE19bODa81KnnJ3MkX6jbtg@mail.gmail.com>

---------- Forwarded message ---------
发件人： Dongyang Zhan <zdyzztq@xxxxxxxxx>
Date: 2020年5月3日周日 下午2:45
Subject: Potential memory leak bug in rtl8xxxu_tx() by triggering
usb_submit_urb() failures
To: <linux-wireless@xxxxxxxxxxxxxxx>

Hi,

I am a security researcher, my name is Dongyang Zhan. I found a potential bug in

/drivers/net/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in Linux
4.10.17. I hope you can help me to confirm it.

If usb_submit_urb() fails, usb_unanchor_urb cannot free tx_urb->urb,
causing memory consumption bug. This bug is similar with
CVE-2019-19068, which adds usb_free_urb() as bug fix.

Thank you.

Prev by Date: Fwd: Potential memory leak bug in mwifiex_init_rxq_ring()
Next by Date: Re: [PATCH] mt76: fix different licenses in same driver
Previous by thread: Fwd: Potential memory leak bug in mwifiex_init_rxq_ring()
Next by thread: [PATCH] nl80211: fix p2p go mgmt send failure on DFS channel
Index(es):
- Date
- Thread

[Index of Archives] [Linux Host AP] [ATH6KL] [Linux Wireless Personal Area Network] [Linux Bluetooth] [Wireless Regulations] [Linux Netdev] [Kernel Newbies] [Linux Kernel] [IDE] [Git] [Netfilter] [Bugtraq] [Yosemite Hiking] [MIPS Linux] [ARM Linux] [Linux RAID]

Powered by Linux