net: ethernet: fix potential use-after-free in ec_bhf_remove
stable inclusion from stable-v4.19.196 commit 0260916843cc74f3906acf8b6f256693e01530a2 category: bugfix bugzilla: https://gitee.com/src-openeuler/kernel/issues/I9R4HZ CVE: CVE-2021-47235 Reference: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?id=0260916843cc74f3906acf8b6f256693e01530a2 -------------------------------- [ Upstream commit 9cca0c2d ] static void ec_bhf_remove(struct pci_dev *dev) { ... struct ec_bhf_priv *priv = netdev_priv(net_dev); unregister_netdev(net_dev); free_netdev(net_dev); pci_iounmap(dev, priv->dma_io); pci_iounmap(dev, priv->io); ... } priv is netdev private data, but it is used after free_netdev(). It can cause use-after-free when accessing priv pointer. So, fix it by moving free_netdev() after pci_iounmap() calls. Fixes: 6af55ff5 ("Driver for Beckhoff CX5020 EtherCAT master module.") Signed-off-by:Pavel Skripkin <paskripkin@gmail.com> Signed-off-by:
Loading
Please sign in to comment