[CVE-2017-16525][SRU][Trusty][Zesty][PATCH 1/2] USB: serial: console: fix use-after-free after failed setup
Po-Hsu Lin
po-hsu.lin at canonical.com
Fri Dec 8 10:58:00 UTC 2017
From: Johan Hovold <johan at kernel.org>
CVE-2017-16525
Make sure to reset the USB-console port pointer when console setup fails
in order to avoid having the struct usb_serial be prematurely freed by
the console code when the device is later disconnected.
Fixes: 73e487fdb75f ("[PATCH] USB console: fix disconnection issues")
Cc: stable <stable at vger.kernel.org> # 2.6.18
Acked-by: Greg Kroah-Hartman <gregkh at linuxfoundation.org>
Signed-off-by: Johan Hovold <johan at kernel.org>
(cherry picked from commit 299d7572e46f98534033a9e65973f13ad1ce9047)
Signed-off-by: Po-Hsu Lin <po-hsu.lin at canonical.com>
---
drivers/usb/serial/console.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/drivers/usb/serial/console.c b/drivers/usb/serial/console.c
index b6f1ade..76062ce 100644
--- a/drivers/usb/serial/console.c
+++ b/drivers/usb/serial/console.c
@@ -186,6 +186,7 @@ static int usb_console_setup(struct console *co, char *options)
tty_kref_put(tty);
reset_open_count:
port->port.count = 0;
+ info->port = NULL;
usb_autopm_put_interface(serial->interface);
error_get_interface:
usb_serial_put(serial);
--
2.7.4
More information about the kernel-team
mailing list