asgardius/android_kernel_motorola_sm6225
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
Kernel sources for Moto G9 (Play) (Guamp)
810299 commits 1 branch 0 tags 1.7 GiB
C 98.1%
Assembly 1.2%
Makefile 0.3%
Shell 0.1%
Find a file
YueHaibing 9b58d36d0c can: bcm: Fix UAF in bcm_proc_show() 
commit 55c3b96074f3f9b0aee19bf93cd71af7516582bb upstream.

BUG: KASAN: slab-use-after-free in bcm_proc_show+0x969/0xa80
Read of size 8 at addr ffff888155846230 by task cat/7862

CPU: 1 PID: 7862 Comm: cat Not tainted 6.5.0-rc1-00153-gc8746099c197 #230
Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS 1.15.0-1 04/01/2014
Call Trace:
 <TASK>
 dump_stack_lvl+0xd5/0x150
 print_report+0xc1/0x5e0
 kasan_report+0xba/0xf0
 bcm_proc_show+0x969/0xa80
 seq_read_iter+0x4f6/0x1260
 seq_read+0x165/0x210
 proc_reg_read+0x227/0x300
 vfs_read+0x1d5/0x8d0
 ksys_read+0x11e/0x240
 do_syscall_64+0x35/0xb0
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Allocated by task 7846:
 kasan_save_stack+0x1e/0x40
 kasan_set_track+0x21/0x30
 __kasan_kmalloc+0x9e/0xa0
 bcm_sendmsg+0x264b/0x44e0
 sock_sendmsg+0xda/0x180
 ____sys_sendmsg+0x735/0x920
 ___sys_sendmsg+0x11d/0x1b0
 __sys_sendmsg+0xfa/0x1d0
 do_syscall_64+0x35/0xb0
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Freed by task 7846:
 kasan_save_stack+0x1e/0x40
 kasan_set_track+0x21/0x30
 kasan_save_free_info+0x27/0x40
 ____kasan_slab_free+0x161/0x1c0
 slab_free_freelist_hook+0x119/0x220
 __kmem_cache_free+0xb4/0x2e0
 rcu_core+0x809/0x1bd0

bcm_op is freed before procfs entry be removed in bcm_release(),
this lead to bcm_proc_show() may read the freed bcm_op.

Fixes: ffd980f976 ("[CAN]: Add broadcast manager (bcm) protocol")
Signed-off-by: YueHaibing <yuehaibing@huawei.com>
Reviewed-by: Oliver Hartkopp <socketcan@hartkopp.net>
Acked-by: Oliver Hartkopp <socketcan@hartkopp.net>
Link: https://lore.kernel.org/all/20230715092543.15548-1-yuehaibing@huawei.com
Cc: stable@vger.kernel.org
Signed-off-by: Marc Kleine-Budde <mkl@pengutronix.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2023-08-11 11:45:24 +02:00
arch xtensa: ISS: fix call to split_if_spec 2023-08-11 11:45:23 +02:00
block block: bio-integrity: Copy flags when bio_integrity_payload is cloned 2023-03-11 16:31:33 +01:00
certs certs/blacklist_hashes.c: fix const confusion in certs blacklist 2022-06-25 11:49:16 +02:00
crypto crypto: drbg - Only fail when jent is unavailable in FIPS mode 2023-05-17 11:13:13 +02:00
Documentation Documentation/x86: Fix backwards on/off logic about YMM support 2023-08-08 19:49:19 +02:00
drivers drm/atomic: Fix potential use-after-free in nonblocking commits 2023-08-11 11:45:24 +02:00
firmware Fix built-in early-load Intel microcode alignment 2020-01-23 08:21:29 +01:00
fs fuse: revalidate: don't invalidate if interrupted 2023-08-11 11:45:24 +02:00
include Revert "8250: add support for ASIX devices with a FIFO bug" 2023-08-11 11:45:22 +02:00
init init, x86: Move mem_encrypt_init() into arch_cpu_finalize_init() 2023-08-08 19:49:18 +02:00
ipc ipc/sem: Fix dangling sem_array access in semtimedop race 2022-12-08 11:18:35 +01:00
kernel tracing/histograms: Add histograms to hist_vars if they have referenced variables 2023-08-11 11:45:24 +02:00
lib lib/ts_bm: reset initial match offset for every block of text 2023-08-11 11:45:07 +02:00
LICENSES LICENSES: Remove CC-BY-SA-4.0 license text 2018-10-18 11:28:50 +02:00
mm treewide: Remove uninitialized_var() usage 2023-08-11 11:45:01 +02:00
net can: bcm: Fix UAF in bcm_proc_show() 2023-08-11 11:45:24 +02:00
samples samples/bpf: Fix buffer overflow in tcp_basertt 2023-08-11 11:45:03 +02:00
scripts modpost: fix section mismatch message for R_ARM_{PC24,CALL,JUMP24} 2023-08-11 11:45:10 +02:00
security integrity: Fix possible multiple allocation in integrity_inode_get() 2023-08-11 11:45:15 +02:00
sound ALSA: jack: Fix mutex call in snd_jack_report() 2023-08-11 11:45:14 +02:00
tools perf probe: Add test for regression introduced by switch to die_get_decl_file() 2023-08-11 11:45:24 +02:00
usr initramfs: restore default compression behavior 2020-04-13 10:44:59 +02:00
virt KVM: arm64: vgic: Fix exit condition in scan_its_table() 2022-11-03 23:52:24 +09:00
.clang-format clang-format: Set IndentWrappedFunctionNames false 2018-08-01 18:38:51 +02:00
.cocciconfig
.get_maintainer.ignore
.gitattributes
.gitignore Kbuild updates for v4.17 (2nd) 2018-04-15 17:21:30 -07:00
.mailmap libnvdimm-for-4.19_misc 2018-08-25 18:13:10 -07:00
COPYING COPYING: use the new text with points to the license files 2018-03-23 12:41:45 -06:00
CREDITS 9p: remove Ron Minnich from MAINTAINERS 2018-08-17 16:20:26 -07:00
Kbuild Kbuild updates for v4.15 2017-11-17 17:45:29 -08:00
Kconfig kconfig: move the "Executable file formats" menu to fs/Kconfig.binfmt 2018-08-02 08:06:55 +09:00
MAINTAINERS clocksource/drivers: Unify the names to timer-* format 2023-08-11 11:45:02 +02:00
Makefile Linux 4.19.290 2023-08-08 19:49:19 +02:00
README Docs: Added a pointer to the formatted docs to README 2018-03-21 09:02:53 -06:00

README 

Linux kernel
============

There are several guides for kernel developers and users. These guides can
be rendered in a number of formats, like HTML and PDF. Please read
Documentation/admin-guide/README.rst first.

In order to build the documentation, use ``make htmldocs`` or
``make pdfdocs``.  The formatted documentation can also be read online at:

    https://www.kernel.org/doc/html/latest/

There are various text files in the Documentation/ subdirectory,
several of them using the Restructured Text markup notation.
See Documentation/00-INDEX for a list of what is contained in each file.

Please read the Documentation/process/changes.rst file, as it contains the
requirements for building and running the kernel, and information about
the problems which may result by upgrading your kernel.