kernel_samsung_a53x/drivers
Mazin Al Haddad 8e247e378e tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf()
commit f16c6d2e58a4c2b972efcf9eb12390ee0ba3befb upstream

A null pointer dereference can happen when attempting to access the
"gsm->receive()" function in gsmld_receive_buf(). Currently, the code
assumes that gsm->receive is only called after MUX activation.
Since the gsmld_receive_buf() function can be accessed without the need to
initialize the MUX, the gsm->receive() function will not be set and a
NULL pointer dereference will occur.

Fix this by avoiding the call to "gsm->receive()" in case the function is
not initialized by adding a sanity check.

Call Trace:
 <TASK>
 gsmld_receive_buf+0x1c2/0x2f0 drivers/tty/n_gsm.c:2861
 tiocsti drivers/tty/tty_io.c:2293 [inline]
 tty_ioctl+0xa75/0x15d0 drivers/tty/tty_io.c:2692
 vfs_ioctl fs/ioctl.c:51 [inline]
 __do_sys_ioctl fs/ioctl.c:870 [inline]
 __se_sys_ioctl fs/ioctl.c:856 [inline]
 __x64_sys_ioctl+0x193/0x200 fs/ioctl.c:856
 do_syscall_x64 arch/x86/entry/common.c:50 [inline]
 do_syscall_64+0x35/0xb0 arch/x86/entry/common.c:80
 entry_SYSCALL_64_after_hwframe+0x63/0xcd

Link: https://syzkaller.appspot.com/bug?id=bdf035c61447f8c6e0e6920315d577cb5cc35ac5
Fixes: 01aecd917114 ("tty: n_gsm: fix tty registration before control channel open")
Reported-and-tested-by: syzbot+e3563f0c94e188366dbb@syzkaller.appspotmail.com
Signed-off-by: Mazin Al Haddad <mazinalhaddad05@gmail.com>
Link: https://lore.kernel.org/r/20220814015211.84180-1-mazinalhaddad05@gmail.com
Signed-off-by: Gavrilov Ilia <Ilia.Gavrilov@infotecs.ru>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2024-11-18 12:11:58 +01:00
accessibility
acpi ACPI: resource: Skip IRQ override on ASUS ExpertBook B1402CVA 2024-11-18 12:10:57 +01:00
amba
android binder_alloc: Disable debug logging by default 2024-11-17 17:43:54 +01:00
ata ata: pata_isapnp: Add missing error check for devm_ioport_map() 2024-11-18 12:10:54 +01:00
atm atm: solos-pci: Fix potential deadlock on &tx_queue_lock 2024-11-18 12:11:48 +01:00
auxdisplay
base devcoredump: Send uevent once devcd is ready 2024-11-18 12:11:48 +01:00
battery drivers: battery_v2: sec_battery: export {CURRENT/VOLTAGE}_MAX to sysfs 2024-11-17 17:43:14 +01:00
bcma
block zram: use copy_page for full page copy 2024-11-17 17:41:38 +01:00
bluetooth Bluetooth: btusb: Add 0bda:b85b for Fn-Link RTL8852BE 2024-11-18 11:43:27 +01:00
bts
bus
cdrom
char hwrng: geode - fix accessing registers 2024-11-18 11:43:02 +01:00
clk clk: qcom: ipq6018: drop the CLK_SET_RATE_PARENT flag from PLL clocks 2024-11-18 11:43:22 +01:00
clocksource clocksource/drivers/timer-atmel-tcb: Fix initialization on SAM9 hardware 2024-11-18 11:43:12 +01:00
connector
counter counter: microchip-tcb-capture: Fix the use of internal GCLK logic 2024-11-08 11:25:51 +01:00
cpufreq cpufreq: imx6q: Don't disable 792 Mhz OPP unnecessarily 2024-11-18 12:11:13 +01:00
cpuidle
crypto crypto: qat - increase size of buffers 2024-11-18 11:43:03 +01:00
dax
dca
devfreq PM / devfreq: rockchip-dfi: Make pmu regmap mandatory 2024-11-18 11:42:49 +01:00
dio
dma dmaengine: stm32-mdma: correct desc prep when channel running 2024-11-18 11:43:25 +01:00
dma-buf
edac
eisa
extcon
fingerprint
firewire firewire: core: fix possible memory leak in create_units() 2024-11-18 12:11:08 +01:00
firmware firmware: qcom_scm: use 64-bit calling convention only when client is 64-bit 2024-11-18 11:43:25 +01:00
fpga
fsi
gnss
gpio gpiolib: sysfs: Fix error handling on failed export 2024-11-18 12:11:45 +01:00
gpu drm/mediatek: Add spinlock for setting vblank event in atomic_begin 2024-11-18 12:11:56 +01:00
greybus
gud
hid HID: hid-asus: add const to read-only outgoing usb buffer 2024-11-18 12:11:57 +01:00
hsi
hv
hwmon hwmon: (acpi_power_meter) Fix 4.29 MW bug 2024-11-18 12:11:41 +01:00
hwspinlock
hwtracing
i2c i2c: designware: Fix corrupted memory seen in the ISR 2024-11-18 12:11:18 +01:00
i3c i3c: master: cdns: Fix reading status register 2024-11-18 11:43:26 +01:00
ide
idle
ifconn
iio iio: adc: xilinx-xadc: Don't clobber preset voltage/temperature thresholds 2024-11-18 10:58:32 +01:00
infiniband RDMA/bnxt_re: Correct module description string 2024-11-18 12:11:41 +01:00
input Input: xpad - add HyperX Clutch Gladiate Support 2024-11-18 12:11:10 +01:00
interconnect interconnect: qcom: Add support for mask-based BCMs 2024-11-18 11:43:32 +01:00
iommu iommu/vt-d: Add MTL to quirk list to skip TE disabling 2024-11-18 12:11:09 +01:00
ipack
irqchip irqchip/stm32-exti: add missing DT IRQ flag translation 2024-11-18 10:58:46 +01:00
isdn
kperfmon Kperfmon: add xyunbound version 2024-06-15 16:28:49 -03:00
kq/mesh
leds leds: trigger: ledtrig-cpu:: Fix 'output may be truncated' issue for 'cpu' 2024-11-18 11:43:05 +01:00
lightnvm
macintosh
mailbox
mcb mcb: fix error handling for different scenarios when parsing 2024-11-18 11:43:25 +01:00
md bcache: avoid NULL checking to c->root in run_cache_set() 2024-11-18 12:11:56 +01:00
media media: ccs: Correctly initialise try compose rectangle 2024-11-18 12:10:56 +01:00
memory
memstick
message
mfd mfd: dln2: Fix double put in dln2_probe 2024-11-18 11:43:04 +01:00
misc misc: mei: client.c: fix problem of return '-EOVERFLOW' in mei_cl_write 2024-11-18 12:11:45 +01:00
mmc mmc: block: Be sure to wait while busy in CQE error recovery 2024-11-18 12:11:47 +01:00
most
mtd mtd: cfi_cmdset_0001: Byte swap OTP info 2024-11-18 11:43:26 +01:00
muic
mux
net team: Fix use-after-free when an option instance allocation fails 2024-11-18 12:11:57 +01:00
nfc drivers/nfc_logger: Fix implicit int 2024-06-15 16:28:48 -03:00
ntb
nubus
nvdimm nd_btt: Make BTT lanes preemptible 2024-11-18 11:43:03 +01:00
nvme nvmet: nul-terminate the NQNs passed in the connect command 2024-11-18 12:10:55 +01:00
nvmem nvmem: imx: correct nregs for i.MX6UL 2024-11-18 10:58:31 +01:00
of of: base: Fix some formatting issues and provide missing descriptions 2024-11-18 12:11:27 +01:00
opp
oprofile
parisc
parport parport: Add support for Brainboxes IX/UC/PX parallel cards 2024-11-18 12:11:45 +01:00
pci Revert "PCI: acpiphp: Reassign resources on bridge if necessary" 2024-11-18 12:11:50 +01:00
pcmcia pcmcia: ds: fix possible name leak in error path in pcmcia_device_add() 2024-11-18 11:43:06 +01:00
perf perf/arm-cmn: Fix the unhandled overflow status of counter 4 to 7 2024-11-08 11:24:52 +01:00
phy phy: mapphone-mdm6600: Fix pinctrl_pm handling for sleep pins 2024-11-08 11:26:20 +01:00
pinctrl pinctrl: avoid reload of p state in list iteration 2024-11-18 12:11:08 +01:00
platform platform/x86: intel_telemetry: Fix kernel doc descriptions 2024-11-18 12:11:56 +01:00
pnp
power
powercap
pps
ps3
ptp ptp: annotate data-race around q->head and q->tail 2024-11-18 11:43:19 +01:00
pwm pwm: brcmstb: Utilize appropriate clock APIs in suspend/resume 2024-11-18 11:43:07 +01:00
rapidio
ras
regulator regulator/core: Revert "fix kobject release warning and memory leak in regulator_register()" 2024-11-08 11:26:17 +01:00
remoteproc
reset
rpmsg rpmsg: Fix possible refcount leak in rpmsg_register_device_override() 2024-11-18 10:58:46 +01:00
rtc rtc: pcf85363: fix wrong mask/val parameters in regmap_update_bits call 2024-11-18 11:43:06 +01:00
s390 s390/dasd: protect device queue against concurrent access 2024-11-18 12:10:57 +01:00
samsung Fix clang 16 errors treewide 2024-06-15 16:28:48 -03:00
sbus
scsi scsi: be2iscsi: Fix a memleak in beiscsi_init_wrb_handle() 2024-11-18 12:11:41 +01:00
sensorhub treewide: fix build errors 2024-06-15 16:21:17 -03:00
sensors
sfi
sh
siox
slimbus
soc soc: qcom: llcc: Handle a second device without data corruption 2024-11-18 11:43:02 +01:00
soundwire soundwire: stream: fix NULL pointer dereference for multi_link 2024-11-18 12:11:57 +01:00
spi spi: spi-zynq-qspi: add spi-mem to driver kconfig dependencies 2024-11-18 11:43:11 +01:00
spmi
spu_verify
ssb
staging net: vlan: introduce skb_vlan_eth_hdr() 2024-11-18 12:11:48 +01:00
sti
target
tc
tee tee: optee: Fix supplicant based device enumeration 2024-11-18 12:11:39 +01:00
thermal thermal: core: prevent potential string overflow 2024-11-18 11:42:50 +01:00
thunderbolt thunderbolt: Workaround an IOMMU fault on certain systems with Intel Maple Ridge 2024-11-08 11:26:11 +01:00
tty tty: n_gsm: add sanity check for gsm->receive in gsm_receive_buf() 2024-11-18 12:11:58 +01:00
uh
uio
usb USB: gadget: core: adjust uevent timing on gadget unbind 2024-11-18 12:11:57 +01:00
vdpa
vfio
vhost
vibrator
video fbdev: stifb: Make the STI next font pointer a 32-bit signed offset 2024-11-18 12:11:12 +01:00
virt
virtio virtio-mmio: fix memory leak of vm_dev 2024-11-18 10:58:28 +01:00
vision
vision3
visorbus
vlynq
vme
w1
watchdog
xen swiotlb-xen: provide the "max_mapping_size" method 2024-11-18 12:10:57 +01:00
zorro
Kconfig drivers: add stub kperfmon 2024-06-15 16:28:49 -03:00
Kconfig.variant1
Makefile drivers: add stub kperfmon 2024-06-15 16:28:49 -03:00
Makefile.variant1