git.hungrycats.org Git - linux/commit

author	Hans de Goede <hdegoede@redhat.com>
	Sat, 5 Oct 2024 13:05:45 +0000 (15:05 +0200)
committer	Greg Kroah-Hartman <gregkh@linuxfoundation.org>
	Sun, 17 Nov 2024 14:07:22 +0000 (15:07 +0100)
commit	ba0b09a2f327319e252d8f3032019b958c0a5cd9
tree	ec21d45c2aec755781a36cfa09146dcc5301603e	tree \| snapshot
parent	486aeb5f1855c75dd810c25036134961bd2a6722	commit \| diff

platform/x86: x86-android-tablets: Fix use after free on platform_device_register() errors

commit 2fae3129c0c08e72b1fe93e61fd8fd203252094a upstream.

x86_android_tablet_remove() frees the pdevs[] array, so it should not
be used after calling x86_android_tablet_remove().

When platform_device_register() fails, store the pdevs[x] PTR_ERR() value
into the local ret variable before calling x86_android_tablet_remove()
to avoid using pdevs[] after it has been freed.

Fixes: 5eba0141206e ("platform/x86: x86-android-tablets: Add support for instantiating platform-devs")
Fixes: e2200d3f26da ("platform/x86: x86-android-tablets: Add gpio_keys support to x86_android_tablet_init()")
Cc: stable@vger.kernel.org
Reported-by: Aleksandr Burakov <a.burakov@rosalinux.ru>
Closes: https://lore.kernel.org/platform-driver-x86/20240917120458.7300-1-a.burakov@rosalinux.ru/
Signed-off-by: Hans de Goede <hdegoede@redhat.com>
Link: https://lore.kernel.org/r/20241005130545.64136-1-hdegoede@redhat.com
[Xiangyu: Modified file path to backport this commit to fix CVE: CVE-2024-49986]
Signed-off-by: Xiangyu Chen <xiangyu.chen@windriver.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>