Skip to content
Snippets Groups Projects
Select Git revision
  • r128-next default
  • drm-misc-next
  • drm-misc-fixes
  • for-linux-next-fixes
  • drm-misc-next-fixes
  • for-linux-next
  • topic/rust-drm
  • drm-misc-templates protected
  • drm-misc-fixes-2024-09-12
  • drm-misc-fixes-2024-09-05
  • drm-misc-next-fixes-2024-09-05
  • drm-misc-fixes-2024-08-29
  • drm-misc-next-2024-08-29
  • drm-misc-next-2024-08-22
  • drm-misc-fixes-2024-08-22
  • drm-misc-next-2024-08-16
  • drm-misc-fixes-2024-08-15
  • drm-misc-next-2024-08-09
  • drm-misc-fixes-2024-08-08
  • drm-misc-next-2024-08-01
  • drm-misc-fixes-2024-08-01
  • drm-misc-next-fixes-2024-07-25
  • drm-misc-next-fixes-2024-07-19
  • drm-misc-next-fixes-2024-07-11
  • drm-misc-fixes-2024-07-11
  • drm-misc-next-2024-07-04
  • drm-misc-fixes-2024-07-04
  • drm-misc-next-2024-06-27
28 results
Compare
user avatar
iommu: fix KASAN use-after-free in iommu_insert_resv_region
Eric Auger authored 
In case the new region gets merged into another one, the nr list node is
freed.  Checking its type while completing the merge algorithm leads to
a use-after-free.  Use new->type instead.

Fixes: 4dbd258f ("iommu: Revisit iommu_insert_resv_region() implementation")
Signed-off-by: default avatarEric Auger <eric.auger@redhat.com>
Reported-by: default avatarQian Cai <cai@lca.pw>
Reviewed-by: default avatarJerry Snitselaar <jsnitsel@redhat.com>
Cc: Stable <stable@vger.kernel.org> #v5.3+
Signed-off-by: default avatarLinus Torvalds <torvalds@linux-foundation.org>
4c80ba39
History
user avatar 4c80ba39
History
Name Last commit Last update