]> git.ipfire.org Git - thirdparty/kernel/stable.git/commit
projects / thirdparty / kernel / stable.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 408a75c) | patch
ALSA: seq: Don't allow resizing pool in use
authorTakashi Iwai <tiwai@suse.de>
Mon, 5 Mar 2018 21:00:55 +0000 (22:00 +0100)
committerSasha Levin <alexander.levin@microsoft.com>
Wed, 21 Mar 2018 03:49:50 +0000 (23:49 -0400)
commit282e27a729a6f766354e39a35f4e77f615a8e2ac
treeb780bc0c5cc1bf66a0e23a12313442fe859fa4c0tree
parent408a75c61488c890b036edee412665aefad21367commit | diff
ALSA: seq: Don't allow resizing pool in use

[ Upstream commit d85739367c6d56e475c281945c68fdb05ca74b4c ]

This is a fix for a (sort of) fallout in the recent commit
d15d662e89fc ("ALSA: seq: Fix racy pool initializations") for
CVE-2018-1000004.
As the pool resize deletes the existing cells, it may lead to a race
when another thread is writing concurrently, eventually resulting a
UAF.

A simple workaround is not to allow the pool resizing when the pool is
in use.  It's an invalid behavior in anyway.

Fixes: d15d662e89fc ("ALSA: seq: Fix racy pool initializations")
Reported-by: 范龙飞 <long7573@126.com>
Reported-by: Nicolai Stange <nstange@suse.de>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Signed-off-by: Sasha Levin <alexander.levin@microsoft.com>
sound/core/seq/seq_clientmgr.c diff | blob | blame | history
Mirror https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git