diff options
author | Takashi Iwai <tiwai@suse.de> | 2018-03-05 22:00:55 +0100 |
---|---|---|
committer | Takashi Iwai <tiwai@suse.de> | 2018-03-08 08:59:26 +0100 |
commit | d85739367c6d56e475c281945c68fdb05ca74b4c (patch) | |
tree | dbe72abbd30b4eb2f85f2946d5c79ff42e886dbc /crypto/tcrypt.c | |
parent | e312a869cd726c698a75caca0d9e5c22fd3f1534 (diff) |
ALSA: seq: Don't allow resizing pool in use
This is a fix for a (sort of) fallout in the recent commit
d15d662e89fc ("ALSA: seq: Fix racy pool initializations") for
CVE-2018-1000004.
As the pool resize deletes the existing cells, it may lead to a race
when another thread is writing concurrently, eventually resulting a
UAF.
A simple workaround is not to allow the pool resizing when the pool is
in use. It's an invalid behavior in anyway.
Fixes: d15d662e89fc ("ALSA: seq: Fix racy pool initializations")
Reported-by: 范龙飞 <long7573@126.com>
Reported-by: Nicolai Stange <nstange@suse.de>
Cc: <stable@vger.kernel.org>
Signed-off-by: Takashi Iwai <tiwai@suse.de>
Diffstat (limited to 'crypto/tcrypt.c')
0 files changed, 0 insertions, 0 deletions