Re: [alsa-devel] usb/sound: use-after-free in __uac_clock_find_source

From: Takashi Iwai
Date: Tue Nov 21 2017 - 11:27:34 EST

Next message: Steven Rostedt: "Re: [PATCH RT 5/8] sched: Remove TASK_ALL"
Previous message: Takashi Iwai: "Re: [alsa-devel] usb/sound: slab-out-of-bounds in parse_audio_unit"
In reply to: Andrey Konovalov: "usb/sound: use-after-free in __uac_clock_find_source"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 21 Nov 2017 14:52:00 +0100,
Andrey Konovalov wrote:
>
> Hi!
>
> I've got the following report while fuzzing the kernel with syzkaller.
>
> On commit e1d1ea549b57790a3d8cf6300e6ef86118d692a3 (4.15-rc1).
>
> This actually looks more like an out-of-bounds with large offset than
> a use-after-free due to unrelated alloc and free stack traces.

Yes, similar as the previous report, but at this time, it's about the
clock selector stuff. Will provide the fix patch, too.

thanks,

Takashi

Next message: Steven Rostedt: "Re: [PATCH RT 5/8] sched: Remove TASK_ALL"
Previous message: Takashi Iwai: "Re: [alsa-devel] usb/sound: slab-out-of-bounds in parse_audio_unit"
In reply to: Andrey Konovalov: "usb/sound: use-after-free in __uac_clock_find_source"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]