Commit ccfac63b authored by Greg Kroah-Hartman's avatar Greg Kroah-Hartman Committed by Yang Yingliang
Browse files

moxart: fix potential use-after-free on remove path 



mainline inclusion
from mainline-v5.17
commit bd2db32e
category: bugfix
bugzilla: NA
CVE: CVE-2022-0487

--------------------------------

It was reported that the mmc host structure could be accessed after it
was freed in moxart_remove(), so fix this by saving the base register of
the device and using it instead of the pointer dereference.

Cc: Ulf Hansson <ulf.hansson@linaro.org>
Cc: Xiyu Yang <xiyuyang19@fudan.edu.cn>
Cc: Xin Xiong <xiongx18@fudan.edu.cn>
Cc: Xin Tan <tanxin.ctf@gmail.com>
Cc: Tony Lindgren <tony@atomide.com>
Cc: Yang Li <yang.lee@linux.alibaba.com>
Cc: linux-mmc@vger.kernel.org
Cc: stable <stable@vger.kernel.org>
Reported-by: default avatarwhitehat002 <hackyzh002@gmail.com>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
Link: https://lore.kernel.org/r/20220127071638.4057899-1-gregkh@linuxfoundation.org


Signed-off-by: default avatarUlf Hansson <ulf.hansson@linaro.org>
Conflicts:
  drivers/mmc/host/moxart-mmc.c
[yyl: adjust conext]
Signed-off-by: default avatarYang Yingliang <yangyingliang@huawei.com>
Reviewed-by: default avatarWang Weiyang <wangweiyang2@huawei.com>
Signed-off-by: default avatarYang Yingliang <yangyingliang@huawei.com>
parent 77eace99
Show whitespace changes
Inline Side-by-side
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Please to comment