Gitiles
Code Review Sign In
gerrit-public.fairphone.software / kernel / msm / a401aaf06f3bfa137381c2864bb41e9a92cac953
commita401aaf06f3bfa137381c2864bb41e9a92cac953[log] [tgz]
authorjeron <jeron.susan@hi-p.com>Wed Jul 27 15:26:26 2016 +0800
committerTeemu Hukkanen <teemu@fairphone.com>Fri Aug 26 10:37:41 2016 +0200
tree7345e086cbcc506baad8dda04330f2a4930391b3
parent8faff7409c553a6d6e544702011ba36484e65203 [diff]
FPII-2245: Elevation of privilege vulnerability in kernel sound component CVE-2016-2544 ANDROID-28695438

ALSA: seq: Fix race at timer setup and close
ALSA sequencer code has an open race between the timer setup ioctl and the close of the client.
This was triggered by syzkaller fuzzer, and a use-after-free was caught there as a result.
This patch papers over it by adding a proper queue->timer_mutex lock around the timer-related calls in the relevant code path.

Change-Id: Ibcceb8092d2e4293e1c93c4a1b388b388957fd39
1 file changed
tree: 7345e086cbcc506baad8dda04330f2a4930391b3
  1. arch/
  2. block/
  3. crypto/
  4. Documentation/
  5. drivers/
  6. firmware/
  7. fs/
  8. include/
  9. init/
  10. ipc/
  11. kernel/
  12. lib/
  13. mm/
  14. net/
  15. samples/
  16. scripts/
  17. security/
  18. sound/
  19. tools/
  20. usr/
  21. virt/
  22. .gitignore
  23. .mailmap
  24. AndroidKernel.mk
  25. COPYING
  26. CREDITS
  27. Kbuild
  28. Kconfig
  29. MAINTAINERS
  30. Makefile
  31. README
  32. REPORTING-BUGS