mbox series

[SRU,Xenial,0/3] CVE-2021-37159

Message ID 20220317180041.58026-1-cascardo@canonical.com
Headers show
Series CVE-2021-37159 | expand

Message

Thadeu Lima de Souza Cascardo March 17, 2022, 6 p.m. UTC 
[Impact]
On some error paths during USB HSO probe, the driver would do a
use-after-free or double-free. This could allow malicous devices to
cause a DoS on the system or possibly execute arbritary code.

[Fix]
The first commit removes some error messages, making the backport easier
and less error prone. The second commit also helps with backports, but
also fix a secondary issue. The final commit had a small change due to
hso_free_net_device being changed.

[Potential regression]
USB HSO devices could fail to be correctly probe or function adequately.

Andreas Kemnade (1):
  net: hso: register netdev later to avoid a race condition

Dongliang Mu (1):
  usb: hso: fix error handling code of hso_create_net_device

Wolfram Sang (1):
  net: usb: hso: don't print error when allocating urb fails

 drivers/net/usb/hso.c | 65 ++++++++++++++++++++++---------------------
 1 file changed, 34 insertions(+), 31 deletions(-)

Comments

Luke Nowakowski-Krijger March 18, 2022, 12:43 a.m. UTC | #1 
Acked-by: Luke Nowakowski-Krijger <luke.nowakowskikrijger@canonical.com>

On Thu, Mar 17, 2022 at 11:01 AM Thadeu Lima de Souza Cascardo <
cascardo@canonical.com> wrote:

> [Impact]
> On some error paths during USB HSO probe, the driver would do a
> use-after-free or double-free. This could allow malicous devices to
> cause a DoS on the system or possibly execute arbritary code.
>
> [Fix]
> The first commit removes some error messages, making the backport easier
> and less error prone. The second commit also helps with backports, but
> also fix a secondary issue. The final commit had a small change due to
> hso_free_net_device being changed.
>
> [Potential regression]
> USB HSO devices could fail to be correctly probe or function adequately.
>
> Andreas Kemnade (1):
>   net: hso: register netdev later to avoid a race condition
>
> Dongliang Mu (1):
>   usb: hso: fix error handling code of hso_create_net_device
>
> Wolfram Sang (1):
>   net: usb: hso: don't print error when allocating urb fails
>
>  drivers/net/usb/hso.c | 65 ++++++++++++++++++++++---------------------
>  1 file changed, 34 insertions(+), 31 deletions(-)
>
> --
> 2.25.1
>
>
> --
> kernel-team mailing list
> kernel-team@lists.ubuntu.com
> https://lists.ubuntu.com/mailman/listinfo/kernel-team
>
Tim Gardner March 21, 2022, 11:51 a.m. UTC | #2 
Acked-by: Tim Gardner <tim.gardner@canonical.com>

Seems like this should have been on the ESM list.

On 3/17/22 12:00, Thadeu Lima de Souza Cascardo wrote:
> [Impact]
> On some error paths during USB HSO probe, the driver would do a
> use-after-free or double-free. This could allow malicous devices to
> cause a DoS on the system or possibly execute arbritary code.
> 
> [Fix]
> The first commit removes some error messages, making the backport easier
> and less error prone. The second commit also helps with backports, but
> also fix a secondary issue. The final commit had a small change due to
> hso_free_net_device being changed.
> 
> [Potential regression]
> USB HSO devices could fail to be correctly probe or function adequately.
> 
> Andreas Kemnade (1):
>    net: hso: register netdev later to avoid a race condition
> 
> Dongliang Mu (1):
>    usb: hso: fix error handling code of hso_create_net_device
> 
> Wolfram Sang (1):
>    net: usb: hso: don't print error when allocating urb fails
> 
>   drivers/net/usb/hso.c | 65 ++++++++++++++++++++++---------------------
>   1 file changed, 34 insertions(+), 31 deletions(-)
>