diff options
Diffstat (limited to 'airspy-fix-error-logic-during-device-register.patch')
-rw-r--r-- | airspy-fix-error-logic-during-device-register.patch | 40 |
1 files changed, 0 insertions, 40 deletions
diff --git a/airspy-fix-error-logic-during-device-register.patch b/airspy-fix-error-logic-during-device-register.patch deleted file mode 100644 index 575090d9d..000000000 --- a/airspy-fix-error-logic-during-device-register.patch +++ /dev/null @@ -1,40 +0,0 @@ -From 785ef73dba6e9fefd2e5dd24546e0efa8698e5cd Mon Sep 17 00:00:00 2001 -From: James Patrick-Evans <james@jmp-e.com> -Date: Fri, 15 Jul 2016 12:40:45 -0300 -Subject: [media] airspy: fix error logic during device register - -This patch addresses CVE-2016-5400, a local DOS vulnerability caused by -a memory leak in the airspy usb device driver. - -The vulnerability is triggered when more than 64 usb devices register -with v4l2 of type VFL_TYPE_SDR or VFL_TYPE_SUBDEV.A badusb device can -emulate 64 of these devices then through continual emulated -connect/disconnect of the 65th device, cause the kernel to run out of -RAM and crash the kernel. - -The vulnerability exists in kernel versions from 3.17 to current 4.7. - -The memory leak is caused by the probe function of the airspy driver -mishandeling errors and not freeing the corresponding control structures -when an error occours registering the device to v4l2 core. - -Signed-off-by: James Patrick-Evans <james@jmp-e.com> -Cc: stable@vger.kernel.org # Up to Kernel 3.17 -Signed-off-by: Mauro Carvalho Chehab <mchehab@s-opensource.com> - -diff --git a/drivers/media/usb/airspy/airspy.c b/drivers/media/usb/airspy/airspy.c -index d807d58..19cd64c 100644 ---- a/drivers/media/usb/airspy/airspy.c -+++ b/drivers/media/usb/airspy/airspy.c -@@ -1072,7 +1072,7 @@ static int airspy_probe(struct usb_interface *intf, - if (ret) { - dev_err(s->dev, "Failed to register as video device (%d)\n", - ret); -- goto err_unregister_v4l2_dev; -+ goto err_free_controls; - } - dev_info(s->dev, "Registered as %s\n", - video_device_node_name(&s->vdev)); --- -cgit v0.10.2 - |