Re: [PATCH 1/2] USB: serial: console: fix use-after-free on disconnect

From: Johan Hovold
Date: Mon Oct 09 2017 - 07:10:43 EST


On Mon, Oct 09, 2017 at 01:05:30PM +0200, Andrey Konovalov wrote:
> On Wed, Oct 4, 2017 at 11:01 AM, Johan Hovold <johan@xxxxxxxxxx> wrote:
> > A clean-up patch removing removing two redundant NULL-checks from the
> > console disconnect handler inadvertently also removed a third check.
> > This could lead to the struct usb_serial being prematurely freed by the
> > console code when a driver accepts but does not register any ports for
> > an interface which also lacks endpoint descriptors.
> >
> > Fixes: 0e517c93dc02 ("USB: serial: console: clean up sanity checks")
> > Cc: stable <stable@xxxxxxxxxxxxxxx> # 4.11
> > Reported-by: Andrey Konovalov <andreyknvl@xxxxxxxxxx>
>
> Tested-by: Andrey Konovalov <andreyknvl@xxxxxxxxxx>
>
> This fixes the crash.

I just forwarded this one in a pull-request to Greg, but thanks for
testing nonetheless.

Johan