Skip to content

i2c: Fix a potential use after free

David Arcari requested to merge darcari/centos-stream-9:26851 into main

JIRA: https://issues.redhat.com/browse/RHEL-26851
CVE: CVE-2019-25162

commit e4c72c06c367758a14f227c847f9d623f1994ecf
Author: Xu Wang vulab@iscas.ac.cn
Date: Fri Dec 27 09:34:32 2019 +0000

i2c: Fix a potential use after free  

Free the adap structure only after we are done using it.  
This patch just moves the put_device() down a bit to avoid the  
use after free.  

Fixes: 611e12ea0f12 ("i2c: core: manage i2c bus device refcount in i2c_[get|put]_adapter")  
Signed-off-by: Xu Wang <vulab@iscas.ac.cn>  
[wsa: added comment to the code, added Fixes tag]  
Signed-off-by: Wolfram Sang <wsa@kernel.org>

Signed-off-by: David Arcari darcari@redhat.com

Merge request reports