Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

This project is archived. Its data is read-only.

Commit cde6dc92 authored Dec 02, 2020 by Vamsi krishna Gattupalli Committed by Alexander Grund Sep 12, 2021

msm:ADSPRPC :Fix to avoid Use after free in fastrpc_internal_munmap



Added a check to validate map before freeing it to avoid Use after
free scenario.

Change-Id: Ic723a4fe964a4909119663500018f2a07976105b
Signed-off-by: Vamsi krishna Gattupalli <vgattupa@codeaurora.org>
CVE-2021-1927

parent 732a2464

drivers/char/adsprpc.c

+7 −5

Original line number	Diff line number	Diff line
		@@ -2328,11 +2328,13 @@ static int fastrpc_internal_munmap(struct fastrpc_file *fl,
		VERIFY(err, !fastrpc_mmap_remove(fl, ud->vaddrout, ud->size, &map));
		if (err)
		goto bail;
		if (map) {
		VERIFY(err, !fastrpc_munmap_on_dsp(fl, map->raddr,
		map->phys, map->size, map->flags));
		if (err)
		goto bail;
		fastrpc_mmap_free(map);
		}
		bail:
		if (err && map)
		fastrpc_mmap_add(map);