Headline
CVE-2023-3159: firewire: fix potential uaf in outbound_phy_packet_callback() · torvalds/linux@b7c81f8
A use-after-free issue was discovered in drivers/firewire, in outbound_phy_packet_callback(), in the Linux kernel. A local attacker with special privileges may trigger a use after free when queue_event() fails.
Commit
firewire: fix potential uaf in outbound_phy_packet_callback()
&e->event and e point to the same address, and &e->event could be freed in queue_event. So there is a potential uaf issue if we dereference e after calling queue_event(). Fix this by adding a temporary variable to maintain e->client in advance; this can avoid the potential uaf issue.
Cc: [email protected]
Signed-off-by: Chengfeng Ye [email protected]
Signed-off-by: Takashi Sakamoto [email protected]
Link: https://lore.kernel.org/r/[email protected]
Signed-off-by: Takashi Iwai [email protected]
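The pattern the commit message describes, as an added userspace C model (not the kernel source and not code from this page). The struct layouts, the `fail_queue` flag, `run_path()` and all function bodies are assumptions made for illustration.

```c
#include <stdlib.h>

/* Userspace model; layouts and function bodies are assumptions, not kernel code. */
struct event { struct event *next; };
struct client { int refs; int fail_queue; struct event *queued; };
struct outbound_phy_packet_event {
    struct event event;            /* first member, so &e->event == (void *)e */
    struct client *client;
};

/* On failure the event is freed, which releases the whole enclosing object. */
void queue_event(struct client *c, struct event *ev)
{
    if (c->fail_queue) { free(ev); return; }
    ev->next = c->queued;
    c->queued = ev;
}

void client_put(struct client *c) { c->refs--; }

/* Pattern being fixed, for contrast only; never called in this example. */
void callback_before_fix(struct outbound_phy_packet_event *e)
{
    queue_event(e->client, &e->event);
    client_put(e->client);         /* reads e after it may have been freed */
}

/* Fixed pattern: keep e->client in a temporary before calling queue_event(). */
void callback_after_fix(struct outbound_phy_packet_event *e)
{
    struct client *e_client = e->client;
    queue_event(e_client, &e->event);
    client_put(e_client);          /* e is not dereferenced here */
}

/* Runs the fixed callback once; returns the client's refcount afterwards. */
int run_path(int fail_queue)
{
    struct client c = { 2, fail_queue, NULL };
    struct outbound_phy_packet_event *e = malloc(sizeof(*e));
    if (!e) return -1;
    e->client = &c;
    callback_after_fix(e);
    free(c.queued);                /* NULL on the failure path; frees e otherwise */
    return c.refs;
}

int main(void) { return (run_path(1) == 1 && run_path(0) == 1) ? 0 : 1; }
```

Building this with `-fsanitize=address` and running it exercises both the failing and the succeeding queue path of the fixed callback without a report.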
Related news
Ubuntu Security Notice 6341-1 - Jordy Zomer and Alexandra Sandulescu discovered that syscalls invoking the do_prlimit function in the Linux kernel did not properly handle speculative execution barriers. A local attacker could use this to expose sensitive information. It was discovered that a use-after-free vulnerability existed in the IEEE 1394 implementation in the Linux kernel. A privileged attacker could use this to cause a denial of service or possibly execute arbitrary code.
Ubuntu Security Notice 6254-1 - Jordy Zomer and Alexandra Sandulescu discovered that syscalls invoking the do_prlimit function in the Linux kernel did not properly handle speculative execution barriers. A local attacker could use this to expose sensitive information. It was discovered that a race condition existed in the btrfs file system implementation in the Linux kernel, leading to a use-after-free vulnerability. A local attacker could use this to cause a denial of service or possibly expose sensitive information.