MIRRORS/linux-yocto
1
0
Fork 0
mirror of git://git.yoctoproject.org/linux-yocto.git synced 2025-10-22 15:03:53 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
1,371,883 Commits 589 Branches 4,509 Tags 4.3 GiB
C 97.5%
Assembly 1%
Shell 0.6%
Python 0.3%
Makefile 0.3%
Other 0.1%
af600e7f55
Go to file
Jeongjun Park af600e7f55 ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free 
commit 9f2c0ac1423d5f267e7f1d1940780fc764b0fee3 upstream.

The previous commit 0718a78f6a ("ALSA: usb-audio: Kill timer properly at
removal") patched a UAF issue caused by the error timer.

However, because the error timer kill added in this patch occurs after the
endpoint delete, a race condition to UAF still occurs, albeit rarely.

Additionally, since kill-cleanup for urb is also missing, freed memory can
be accessed in interrupt context related to urb, which can cause UAF.

Therefore, to prevent this, error timer and urb must be killed before
freeing the heap memory.

Cc: <stable@vger.kernel.org>
Reported-by: syzbot+f02665daa2abeef4a947@syzkaller.appspotmail.com
Closes: https://syzkaller.appspot.com/bug?extid=f02665daa2abeef4a947
Fixes: 0718a78f6a ("ALSA: usb-audio: Kill timer properly at removal")
Signed-off-by: Jeongjun Park <aha310510@gmail.com>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2025-10-06 11:18:47 +02:00
arch x86/Kconfig: Reenable PTDUMP on i386 2025-10-02 13:48:38 +02:00
block blk-mq: fix blk_mq_tags double free while nr_requests grown 2025-10-06 11:18:47 +02:00
certs sign-file,extract-cert: use pkcs11 provider for OPENSSL MAJOR >= 3 2024-09-20 19:52:48 +03:00
crypto crypto: af_alg - Set merge to zero early in af_alg_sendmsg 2025-09-25 11:16:53 +02:00
Documentation platform/x86: lg-laptop: Fix WMAB call in fan_mode_store() 2025-10-02 13:48:34 +02:00
drivers scsi: target: target_core_configfs: Add length check to avoid buffer overflow 2025-10-06 11:18:47 +02:00
fs mm/hugetlb: fix folio is still mapped when deleted 2025-10-02 13:48:38 +02:00
include crypto: af_alg - Fix incorrect boolean values in af_alg_ctx 2025-10-02 13:48:36 +02:00
init io_uring: fix breakage in EXPERT menu 2025-08-15 16:38:23 +02:00
io_uring io_uring: fix incorrect io_kiocb reference in io_link_skb 2025-09-25 11:16:53 +02:00
ipc - The 3 patch series "hung_task: extend blocking task stacktrace dump to 2025-05-31 19:12:53 -07:00
kernel sched_ext: idle: Handle migration-disabled tasks in BPF code 2025-10-02 13:48:39 +02:00
lib lib/sbitmap: convert shallow_depth from one word to the whole sbitmap 2025-08-20 18:41:31 +02:00
LICENSES LICENSES: add CC0-1.0 license text 2025-05-21 14:54:17 +02:00
mm mm/damon/sysfs: do not ignore callback's return value in damon_sysfs_damon_call() 2025-10-02 13:48:38 +02:00
net nexthop: Forbid FDB status change while nexthop is in a group 2025-10-02 13:48:31 +02:00
rust rust: mm: mark VmaNew as transparent 2025-09-09 19:02:29 +02:00
samples samples/damon/prcl: avoid starting DAMON before initialization 2025-09-25 11:16:54 +02:00
scripts gcc-plugins: Remove TODO_verify_il for GCC >= 16 2025-10-06 11:18:47 +02:00
security apparmor: Fix 8-byte alignment for initial dfa blob streams 2025-08-28 16:34:16 +02:00
sound ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free 2025-10-06 11:18:47 +02:00
tools selftests: fib_nexthops: Fix creation of non-FDB nexthops 2025-10-02 13:48:32 +02:00
usr usr/include: openrisc: don't HDRTEST bpf_perf_event.h 2025-05-12 15:03:17 +09:00
virt KVM: Allow CPU to reschedule while setting per-page memory attributes 2025-06-24 12:20:17 -07:00
.clang-format Linux 6.15-rc5 2025-05-06 16:39:25 +10:00
.clippy.toml rust: clean Rust 1.88.0's warning about clippy::disallowed_macros configuration 2025-05-07 00:11:47 +02:00
.cocciconfig
.editorconfig .editorconfig: remove trim_trailing_whitespace option 2024-06-13 16:47:52 +02:00
.get_maintainer.ignore MAINTAINERS: Retire Ralf Baechle 2024-11-12 15:48:59 +01:00
.gitattributes .gitattributes: set diff driver for Rust source code files 2023-05-31 17:48:25 +02:00
.gitignore gitignore: allow .pylintrc to be tracked 2025-08-15 16:39:03 +02:00
.mailmap 11 hotfixes. 9 are cc:stable and the remainder address post-6.15 issues 2025-07-24 19:13:30 -07:00
.pylintrc docs: add a .pylintrc file with sys path for docs scripts 2025-04-09 12:10:33 -06:00
.rustfmt.toml
COPYING
CREDITS mm: update MAINTAINERS entry for HMM 2025-07-19 19:26:16 -07:00
Kbuild drm: ensure drm headers are self-contained and pass kernel-doc 2025-02-12 10:44:43 +02:00
Kconfig io_uring: Rename KConfig to Kconfig 2025-02-19 14:53:27 -07:00
MAINTAINERS 11 hotfixes. 9 are cc:stable and the remainder address post-6.15 issues 2025-07-24 19:13:30 -07:00
Makefile Linux 6.16.10 2025-10-02 13:48:40 +02:00
README README: Fix spelling 2024-03-18 03:36:32 -06:00

README

Linux kernel

There are several guides for kernel developers and users. These guides can be rendered in a number of formats, like HTML and PDF. Please read Documentation/admin-guide/README.rst first.

In order to build the documentation, use make htmldocs or make pdfdocs. The formatted documentation can also be read online at:

https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory, several of them using the reStructuredText markup notation.

Please read the Documentation/process/changes.rst file, as it contains the requirements for building and running the kernel, and information about the problems which may result by upgrading your kernel.