| author | Oleksij Rempel <[email protected]> | 2021-05-21 13:57:20 +0200 | 
|---|---|---|
| committer | Marc Kleine-Budde <[email protected]> | 2021-06-16 12:52:18 +0200 | 
| commit | 2030043e616cab40f510299f09b636285e0a3678 (patch) | |
| tree | fd668a0e0799cb62026702c9278ed3a9e0e41537 /scripts/gdb/linux/mm.py | |
| parent | a4f0377db1254373513b992ff31a351a7111f0fd (diff) | |
can: j1939: fix Use-after-Free, hold skb ref while in use

This patch fixes a Use-after-Free found by the syzbot.

The problem is that a skb is taken from the per-session skb queue,
without incrementing the ref count. This leads to a Use-after-Free if
the skb is taken concurrently from the session queue due to a CTS.

Fixes: 9d71dd0c7009 ("can: add support of SAE J1939 protocol")
Link: https://lore.kernel.org/r/[email protected]
Cc: Hillf Danton <[email protected]>
Cc: linux-stable <[email protected]>
Reported-by: [email protected]
Reported-by: [email protected]
Signed-off-by: Oleksij Rempel <[email protected]>
Signed-off-by: Marc Kleine-Budde <[email protected]>
Diffstat (limited to 'scripts/gdb/linux/mm.py')
0 files changed, 0 insertions, 0 deletions