]> git.ipfire.org Git - thirdparty/kernel/stable.git/commit
projects / thirdparty / kernel / stable.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: f98cea4) | patch
Fix use after free in get_capset_info callback.
authorDoug Horn <doughorn@google.com>
Wed, 2 Sep 2020 21:08:25 +0000 (14:08 -0700)
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Fri, 30 Oct 2020 09:38:31 +0000 (10:38 +0100)
commit18136b33e38d418c679b291a05041fa7a77ac361
tree03ec018a84315a55fa6347f3d08a0904ad73ce62tree
parentf98cea40fa21884ba2811a0be419f386322381ebcommit | diff
Fix use after free in get_capset_info callback.

[ Upstream commit e219688fc5c3d0d9136f8d29d7e0498388f01440 ]

If a response to virtio_gpu_cmd_get_capset_info takes longer than
five seconds to return, the callback will access freed kernel memory
in vg->capsets.

Signed-off-by: Doug Horn <doughorn@google.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20200902210847.2689-2-gurchetansingh@chromium.org
Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>
drivers/gpu/drm/virtio/virtgpu_kms.c diff | blob | blame | history
drivers/gpu/drm/virtio/virtgpu_vq.c diff | blob | blame | history
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git