From: Thadeu Lima de Souza Cascardo
To: kernel-team@lists.ubuntu.com
Subject: [SRU Xenial 0/3] CVE-2021-37159
Date: Thu, 17 Mar 2022 15:00:38 -0300
Message-Id: <20220317180041.58026-1-cascardo@canonical.com>
X-Patchwork-Id: 1606700

[Impact]
On some error paths during USB HSO probe, the driver would do a use-after-free or double-free. This could allow malicious devices to cause a DoS on the system or possibly execute arbitrary code.

[Fix]
The first commit removes some error messages, making the backport easier and less error prone. The second commit also helps with backports, but also fixes a secondary issue. The final commit had a small change due to hso_free_net_device being changed.

[Potential regression]
USB HSO devices could fail to be correctly probed or function adequately.

Andreas Kemnade (1):
  net: hso: register netdev later to avoid a race condition

Dongliang Mu (1):
  usb: hso: fix error handling code of hso_create_net_device

Wolfram Sang (1):
  net: usb: hso: don't print error when allocating urb fails

 drivers/net/usb/hso.c | 65 ++++++++++++++++++++++---------------------
 1 file changed, 34 insertions(+), 31 deletions(-)

Acked-by: Luke Nowakowski-Krijger
Acked-by: Tim Gardner