Fix use after free in get_capset_info callback. (5c9a65a6) · Commits · Android-smartphones / realme / x50 pro / kernel source / kernel 11 / kernel R

Commit 5c9a65a6 authored Sep 02, 2020 by Doug Horn Committed by bgman111111 Jun 16, 2022

Fix use after free in get_capset_info callback.



[ Upstream commit e219688fc5c3d0d9136f8d29d7e0498388f01440 ]

If a response to virtio_gpu_cmd_get_capset_info takes longer than
five seconds to return, the callback will access freed kernel memory
in vg->capsets.

Signed-off-by: Doug Horn <doughorn@google.com>
Link: http://patchwork.freedesktop.org/patch/msgid/20200902210847.2689-2-gurchetansingh@chromium.org


Signed-off-by: Gerd Hoffmann <kraxel@redhat.com>
Signed-off-by: Sasha Levin <sashal@kernel.org>

parent 9d202041

Hide whitespace changes

Inline Side-by-side

Please register or to comment