APPLIED: [SRU][F/J][PATCH 0/1] CVE-2024-43900

Koichiro Den koichiro.den at canonical.com
Fri Jan 31 02:27:19 UTC 2025


On Wed, Jan 15, 2025 at 09:11:28AM GMT, Jacob Martin wrote:
> [Impact]
> 
> A race condition exists in the xc2028 tuner driver between device removal and
> the firmware loading callback, resulting in a use-after-free vulnerability with
> the frontend pointer. This is resolved with an extra check in the firmware
> loading callback to return early if the frontend pointer is no longer valid.
> 
> [Fix]
> 
> Oracular: Not affected
> Noble: Fix released
> Jammy: Clean cherry pick from mainline
> Focal: Clean cherry pick from mainline
> Bionic: Patch sent to ESM list
> Xenial: Patch sent to ESM list
> Trusty: Patch sent to ESM list
> 
> [Test Case]
> 
> Compile tested.
> 
> [Where problems could occur]
> 
> This change is isolated to the xc2028 tuner driver. Issues with this patch
> could result in the driver misbehaving or failing to load firmware.
> 
> Chi Zhiling (1):
>   media: xc2028: avoid use-after-free in load_firmware_cb()
> 
>  drivers/media/tuners/tuner-xc2028.c | 9 ++++++++-
>  1 file changed, 8 insertions(+), 1 deletion(-)
> 

Applied to jammy:linux, focal:linux master-next branch. Thanks!
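
The race described in the quoted [Impact] section, as a simplified single-threaded userspace model added here for illustration; it is not the xc2028 driver code or the patch under review. Apart from the callback name taken from the patch subject, every type and function (`struct frontend`, `struct fw_request`, `device_remove`, `run_scenario`) is hypothetical, and the clearable context slot is an assumption of this model.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model types, not the driver's structures. */
struct frontend { int fw_loaded; };
struct fw_request { struct frontend **ctx; }; /* slot that removal can clear */

enum cb_result { CB_LOADED, CB_SKIPPED_NO_FRONTEND };

/* Runs later, when the asynchronous firmware request completes. */
static enum cb_result load_firmware_cb(struct fw_request *req)
{
    struct frontend *fe = *req->ctx;

    if (!fe) /* frontend already removed: return early, touch nothing */
        return CB_SKIPPED_NO_FRONTEND;
    fe->fw_loaded = 1;
    return CB_LOADED;
}

/* Device removal: invalidate the shared slot before freeing the object. */
static void device_remove(struct frontend **slot)
{
    struct frontend *fe = *slot;

    *slot = NULL;
    free(fe);
}

/* remove_first != 0 replays the ordering that triggers the bug. */
static enum cb_result run_scenario(int remove_first)
{
    struct frontend *slot = calloc(1, sizeof(*slot));
    struct fw_request req = { .ctx = &slot };
    enum cb_result r;

    if (!slot)
        abort();
    if (remove_first)
        device_remove(&slot);
    r = load_firmware_cb(&req);
    if (!remove_first)
        device_remove(&slot);
    return r;
}

int main(void)
{
    printf("removal first: %d\n", run_scenario(1));
    printf("callback first: %d\n", run_scenario(0));
    return 0;
}
```

The model only replays the two orderings; with real concurrency the clear in removal and the check in the callback must also be serialized against each other, or the check can pass just before the free.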


