ieee802154: ca8210: Fix a potential UAF in ca8210_probe
stable inclusion from stable-v5.10.199 commit 55e06850c7894f00d41b767c5f5665459f83f58f category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I95ASM CVE: CVE-2023-52510 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=55e06850c7894f00d41b767c5f5665459f83f58f -------------------------------- [ Upstream commit f990874b ] If of_clk_add_provider() fails in ca8210_register_ext_clock(), it calls clk_unregister() to release priv->clk and returns an error. However, the caller ca8210_probe() then calls ca8210_remove(), where priv->clk is freed again in ca8210_unregister_ext_clock(). In this case, a use-after-free may happen in the second time we call clk_unregister(). Fix this by removing the first clk_unregister(). Also, priv->clk could be an error code on failure of clk_register_fixed_rate(). Use IS_ERR_OR_NULL to catch this case in ca8210_unregister_ext_clock(). Fixes: ded845a7 ("ieee802154: Add CA8210 IEEE 802.15.4 device driver") Signed-off-by:Dinghao Liu <dinghao.liu@zju.edu.cn> Message-ID: <20231007033049.22353-1-dinghao.liu@zju.edu.cn> Signed-off-by:
Loading
Please sign in to comment