This is a note to let you know that I've just added the patch titled
net: fddi: fix UAF in fza_probe
to the 5.4-stable tree which can be found at:
http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary
The filename of the patch is:
net-fddi-fix-uaf-in-fza_probe.patch
and it can be found in the queue-5.4 subdirectory.
If you, or anyone else, feels it should not be added to the stable tree,
please let <stable@xxxxxxxxxxxxxxx> know about it.
>From deb7178eb940e2c5caca1b1db084a69b2e59b4c9 Mon Sep 17 00:00:00 2001
From: Pavel Skripkin <paskripkin@xxxxxxxxx>
Date: Tue, 13 Jul 2021 13:58:53 +0300
Subject: net: fddi: fix UAF in fza_probe
From: Pavel Skripkin <paskripkin@xxxxxxxxx>
commit deb7178eb940e2c5caca1b1db084a69b2e59b4c9 upstream.
fp is netdev private data and it cannot be
used after free_netdev() call. Using fp after free_netdev()
can cause UAF bug. Fix it by moving free_netdev() after error message.
Fixes: 61414f5ec983 ("FDDI: defza: Add support for DEC FDDIcontroller 700
TURBOchannel adapter")
Signed-off-by: Pavel Skripkin <paskripkin@xxxxxxxxx>
Signed-off-by: David S. Miller <davem@xxxxxxxxxxxxx>
Signed-off-by: Greg Kroah-Hartman <gregkh@xxxxxxxxxxxxxxxxxxx>
---
drivers/net/fddi/defza.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
--- a/drivers/net/fddi/defza.c
+++ b/drivers/net/fddi/defza.c
@@ -1504,9 +1504,8 @@ err_out_resource:
release_mem_region(start, len);
err_out_kfree:
- free_netdev(dev);
-
pr_err("%s: initialization failure, aborting!\n", fp->name);
+ free_netdev(dev);
return ret;
}
Patches currently in stable-queue which might be from paskripkin@xxxxxxxxx are
queue-5.4/net-ti-fix-uaf-in-tlan_remove_one.patch
queue-5.4/net-qcom-emac-fix-uaf-in-emac_remove.patch
queue-5.4/net-fddi-fix-uaf-in-fza_probe.patch
queue-5.4/net-moxa-fix-uaf-in-moxart_mac_probe.patch
