[PATCH 0/2][SRU][X] CVE-2018-20961: USB Gadget MIDI Function UAF

Tyler Hicks tyhicks at canonical.com
Wed Aug 14 23:21:43 UTC 2019


 In the Linux kernel before 4.16.4, a double free vulnerability in the
 f_midi_set_alt function of drivers/usb/gadget/function/f_midi.c in the
 f_midi driver may allow attackers to cause a denial of service or
 possibly have unspecified other impact.

Clean cherry picks. I'm unable to test without appropriate hardware but
the the build logs are clean and a test kernel boots without any issues.

The first patch isn't necessarily required for the CVE fix but the error
path doesn't work correctly without it. I think it is safe and
worthwhile to bring back with the CVE fix.


Felipe F. Tonello (1):
  usb: gadget: f_midi: fail if set_alt fails to allocate requests

Yavuz, Tuba (1):
  USB: gadget: f_midi: fixing a possible double-free in f_midi

 drivers/usb/gadget/function/f_midi.c | 6 ++++--
 drivers/usb/gadget/u_f.h             | 2 ++
 2 files changed, 6 insertions(+), 2 deletions(-)


More information about the kernel-team mailing list