On Sun, Oct 16, 2022 at 07:10:40AM -0700, Hyunwoo Kim wrote: > On Sun, Oct 16, 2022 at 02:31:34PM +0200, gregkh@xxxxxxxxxxxxxxxxxxx wrote: > > > > This is a note to let you know that I've just added the patch titled > > > > fbdev: smscufx: Fix use-after-free in ufx_ops_open() > > > > to the 6.0-stable tree which can be found at: > > http://www.kernel.org/git/?p=linux/kernel/git/stable/stable-queue.git;a=summary > > > > The filename of the patch is: > > fbdev-smscufx-fix-use-after-free-in-ufx_ops_open.patch > > and it can be found in the queue-6.0 subdirectory. > > > > If you, or anyone else, feels it should not be added to the stable tree, > > please let <stable@xxxxxxxxxxxxxxx> know about it. > > This patch should not be applied. > > I have been pointed out that a UAF that bypasses this security patch may occur: > https://lore.kernel.org/linux-fbdev/20221011153436.GA4446@ubuntu/T/#t > > I will submit a patch that fixes this in the future. Ok, when that is merged I will be glad to merge it too, but for now, I'll keep this as it's a good start. thanks, greg k-h
