iv/linux
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
linux/drivers/firmware
History
Hyunwoo Kim 9cb636b5f6 efi: capsule-loader: Fix use-after-free in efi_capsule_write 
A race condition may occur if the user calls close() on another thread
during a write() operation on the device node of the efi capsule.

This is a race condition that occurs between the efi_capsule_write() and
efi_capsule_flush() functions of efi_capsule_fops, which ultimately
results in UAF.

So, the page freeing process is modified to be done in
efi_capsule_release() instead of efi_capsule_flush().

Cc: <stable@vger.kernel.org> # v4.9+
Signed-off-by: Hyunwoo Kim <imv4bel@gmail.com>
Link: https://lore.kernel.org/all/20220907102920.GA88602@ubuntu/
Signed-off-by: Ard Biesheuvel <ardb@kernel.org>
2022-09-07 18:23:56 +02:00
..
arm_ffa
firmware: arm_ffa: Remove incorrect assignment of driver_data
2022-04-29 14:51:46 +01:00
arm_scmi
Power management updates for 5.20-rc1
2022-08-02 11:17:00 -07:00
broadcom
firmware: tee_bnxt: Use UUID API for exporting the UUID
2022-05-05 18:14:29 -07:00
cirrus
firmware: cs_dsp: Add memory chunk helpers
2022-07-22 13:40:00 +01:00
efi
efi: capsule-loader: Fix use-after-free in efi_capsule_write
2022-09-07 18:23:56 +02:00
google
firmware: google: Properly state IOMEM dependency
2022-03-18 14:18:15 +01:00
imx
firmware: imx: scu-pd: imx8q: add vpu mu resources
2022-02-20 14:55:32 +08:00
meson
psci
firmware/psci: fix application of sizeof to pointer
2021-10-26 17:40:54 -05:00
smccc
printk: stop including cache.h from printk.h
2022-05-13 07:20:07 -07:00
tegra
firmware: tegra: Fix error check return value of debugfs_create_file()
2022-07-08 17:56:03 +02:00
xilinx
firmware: xilinx: Add TF_A_PM_REGISTER_SGI SMC call
2022-06-29 14:46:22 +02:00
arm_scpi.c
firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails
2022-07-04 14:28:42 +01:00
arm_sdei.c
ACPI: APEI: explicit init of HEST and GHES in apci_init()
2022-03-03 20:24:22 +01:00
dmi_scan.c
dmi-id.c
firmware: dmi: Move product_sku info to the end of the modalias
2021-09-02 17:28:53 +02:00
dmi-sysfs.c
firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle
2022-05-19 18:56:56 +02:00
edd.c
edd: simplify the check of 'attr->test' in edd_populate_dir()
2022-05-19 18:57:04 +02:00
iscsi_ibft_find.c
iscsi_ibft: fix warning in reserve_ibft_region()
2021-08-05 19:47:57 -04:00
iscsi_ibft.c
iscsi_ibft: Fix isa_bus_to_virt not working under ARM
2021-09-02 16:22:00 -04:00
Kconfig
sound updates for 5.19-rc1
2022-05-25 16:55:16 -07:00
Makefile
Follow-up tweaks for the EFI changes in v5.19
2022-06-03 13:39:30 -07:00
memmap.c
firmware: memmap: use default_groups in kobj_type
2022-01-05 19:17:29 +01:00
mtk-adsp-ipc.c
firmware: mediatek: Use meaningful names for mbox
2022-06-22 13:39:30 +01:00
pcdp.c
pcdp.h
qcom_scm-legacy.c
firmware: qcom_scm-legacy: correct kerneldoc
2022-06-25 22:04:31 -05:00
qcom_scm-smc.c
qcom_scm.c
firmware: qcom_scm: Add bw voting support to the SCM interface
2022-06-29 21:48:32 -05:00
qcom_scm.h
firmware: qcom: scm: Add support for MC boot address API
2022-02-03 21:54:48 -06:00
qemu_fw_cfg.c
firmware: qemu_fw_cfg: remove sysfs entries explicitly
2022-01-14 18:50:52 -05:00
raspberrypi.c
firmware: raspberrypi: Fix a leak in 'rpi_firmware_get()'
2021-08-18 16:02:08 +02:00
scpi_pm_domain.c
firmware: arm_scpi: Fix string overflow in SCPI genpd driver
2021-12-13 15:17:37 +01:00
stratix10-rsu.c
firmware: stratix10-rsu: extend RSU driver to get DCMF status
2022-07-14 16:55:09 +02:00
stratix10-svc.c
firmware: stratix10-svc: To support a command ATF Get Version
2022-07-14 16:55:09 +02:00
sysfb_simplefb.c
firmware: sysfb: Make sysfb_create_simplefb() return a pdev pointer
2022-06-29 09:51:31 +02:00
sysfb.c
firmware: sysfb: Add sysfb_disable() helper function
2022-06-29 09:51:41 +02:00
ti_sci.c
firmware: ti_sci: Switch transport to polled mode during system suspend
2022-05-03 06:52:11 -05:00
ti_sci.h
trusted_foundations.c
turris-mox-rwtm.c
mvebu drivers for 5.14 (part 1)
2021-06-23 18:57:40 -07:00